Language Selection

English French German Italian Portuguese Spanish

Overview of Linux Kernel Security Features

Filed under

In this article, we'll take a high-level look at the security features of the Linux kernel. We'll start with a brief overview of traditional Unix security, and the rationale for extending that for Linux, then we'll discuss the Linux security extensions.

Unix Security – Discretionary Access Control

Linux was initially developed as a clone of the Unix operating system in the early 1990s. As such, it inherits the core Unix security model—a form of Discretionary Access Control (DAC). The security features of the Linux kernel have evolved significantly to meet modern requirements, although Unix DAC remains as the core model.

Briefly, Unix DAC allows the owner of an object (such as a file) to set the security policy for that object—which is why it's called a discretionary scheme. As a user, you can, for example, create a new file in your home directory and decide who else may read or write the file. This policy is implemented as permission bits attached to the file's inode, which may be set by the owner of the file. Permissions for accessing the file, such as read and write, may be set separately for the owner, a specific group, and other (i.e. everyone else). This is a relatively simple form of access control lists (ACLs).

rest here

More in Tux Machines

A History Of Everyday Linux User's 350 Blog Posts

This article is something of a landmark as it is the 350th post on Everyday Linux User. I took last week off to celebrate. Well actually I went away with the family down to England for a few days and didn't take a computer with me. I did take in Alnwick Castle however which is the location for Hogwarts from the Harry Potter films. Read more

Kodi 17 "Krypton" Beta 4 Released with ARMv8A 64-bit Builds for Android, Fixes

Today, October 25, 2016, Martijn Kaijser had the great pleasure of announcing the release and immediate availability of the fourth, and probably the last Beta milestone of the upcoming Kodi 17 open-source and cross-platform media center software. Read more

GNOME's Epiphany 3.24 Web Browser to Use Firefox Sync Service, HTTPS Everywhere

The GNOME developers are preparing to release the first development version of the upcoming GNOME 3.24 desktop environment, versioned 3.23.1, and we can't help but notice that some of the core apps were updated recently. Read more

Suse: Question. What do you call second-place in ARM enterprise server linux? Answer: Red Hat

ARM TechCon Suse is claiming victory over Red Hat by announcing – and these caveats are all crucial – "the first commercial enterprise Linux distribution optimized for ARM AArch64 architecture servers." In plainer English, Suse has developed an enterprise-grade Linux distribution that runs on 64-bit ARM servers (should you happen to ever find one). Suse claims this software is a world first because it is a finished commercial product, thus beating Red Hat to the punch: Red Hat Enterprise Linux Server for ARM is still only available as a beta-like development preview. Read more