Features
- Clean separation of policy from enforcement
- Well-defined policy interfaces
- Support for applications querying the policy and enforcing access control (for example, crond running jobs in the correct context)
- Independent of specific policies and policy languages
- Independent of specific security label formats and contents
- Individual labels and controls for kernel objects and services
- Support for policy changes
- Separate measures for protecting system integrity (domain-type) and data confidentiality (multilevel security)
- Flexible policy
- Controls over process initialization and inheritance and program execution
- Controls over file systems, directories, files, and open file descriptors
- Controls over sockets, messages, and network interfaces
- Controls over use of "capabilities"
- Cached information on access-decisions via the AVC (Access Vector Cache)
Read more about this topic: Security-Enhanced Linux
Famous quotes containing the word features:
““It looks as if
Some pallid thing had squashed its features flat
And its eyes shut with overeagerness
To see what people found so interesting
In one another, and had gone to sleep
Of its own stupid lack of understanding,
Or broken its white neck of mushroom stuff
Short off, and died against the windowpane.””
—Robert Frost (1874–1963)
“It is a tribute to the peculiar horror of contemporary life that it makes the worst features of earlier times—the stupefaction of the masses, the obsessed and driven lives of the bourgeoisie—seem attractive by comparison.”
—Christopher Lasch (b. 1932)
“The features of our face are hardly more than gestures which force of habit made permanent. Nature, like the destruction of Pompeii, like the metamorphosis of a nymph into a tree, has arrested us in an accustomed movement.”
—Marcel Proust (1871–1922)