The discussion in the preceding section might lead you to believe that SELinux makes security decisions based on the identity of individual subjects and objects. In principle, such a system could be made to work. But the system would be unnecessarily unwieldy. Because processes related to a single program can generally be treated the same, it’s more convenient to make security decisions based on sets or classes of subjects and objects rather than on individual objects. For example, every instance of the SSH server should generally be given the same permissions, including read access to /etc/ssh/sshd_config. Similarly, all the files within a given directory often can be manipulated by the same subject. For example, the DHCP service should be permitted to manipulate any of the files in
To simplify decision making, similar subjects can be grouped and similar objects can be grouped.
SELinux associates information called security attributes with subjects and objects and bases its security decisions on the values of these attributes. Three security attributes are used:
The user identity indicates the SELinux user account associated with a subject or object. In the case of a subject, the user identity gives the SELinux user account under which the process is running. In the case of an object, the user identity gives the user account that owns the object.
In tracking user identities, SELinux does not use the list of user accounts maintained ...
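As an added example, not taken from the book, the script below parses the security context strings in which SELinux records these attributes and groups running subjects by their type, which is how two instances of the SSH server end up treated alike. It assumes the standard context layout user:role:type[:level] (role and type being the attributes alongside user identity) and uses a constructed process listing in the shape of `ps -eZ` output rather than data captured from a real system.

```python
"""Parse SELinux security contexts and group subjects by attribute.
Assumes the standard layout user:role:type[:level]; the listing is constructed."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class SecurityContext:
    user: str   # SELinux user identity (e.g. system_u), not a Linux account
    role: str   # SELinux role (e.g. system_r)
    type: str   # SELinux type, the attribute most policy rules key on
    level: Optional[str] = None  # MLS/MCS level or range, if present


def parse_context(text: str) -> SecurityContext:
    """Split a context such as 'system_u:system_r:sshd_t:s0' into its fields."""
    parts = text.strip().split(":", 3)  # the level itself may contain ':'
    if len(parts) < 3 or not all(parts[:3]):
        raise ValueError(f"malformed security context: {text!r}")
    user, role, type_ = parts[:3]
    level = parts[3] if len(parts) == 4 else None
    return SecurityContext(user, role, type_, level)


# Constructed sample in the shape of `ps -eZ` output: context, PID, command.
SAMPLE_PROCESSES = """\
system_u:system_r:sshd_t:s0-s0:c0.c1023 812 /usr/sbin/sshd
system_u:system_r:sshd_t:s0-s0:c0.c1023 2231 sshd: alice [priv]
system_u:system_r:dhcpd_t:s0 901 /usr/sbin/dhcpd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2240 -bash
"""


def group_by_type(listing: str) -> Dict[str, List[int]]:
    """Map each subject type to the PIDs running in it.
    Policy treats every process of one type alike, so both sshd
    instances land in the same bucket."""
    groups: Dict[str, List[int]] = defaultdict(list)
    for line in listing.splitlines():
        if not line.strip():
            continue
        ctx_text, pid, _cmd = line.split(None, 2)
        groups[parse_context(ctx_text).type].append(int(pid))
    return dict(groups)


if __name__ == "__main__":
    for subject_type, pids in group_by_type(SAMPLE_PROCESSES).items():
        print(f"{subject_type}: {pids}")
```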