Features
- Clean separation of policy from enforcement
- Well-defined policy interfaces
- Support for applications querying the policy and enforcing access control (for example, crond running jobs in the correct context)
- Independent of specific policies and policy languages
- Independent of specific security label formats and contents
- Individual labels and controls for kernel objects and services
- Support for policy changes
- Separate measures for protecting system integrity (domain-type) and data confidentiality (multilevel security)
- Flexible policy
- Controls over process initialization and inheritance and program execution
- Controls over file systems, directories, files, and open file descriptors
- Controls over sockets, messages, and network interfaces
- Controls over use of "capabilities"
- Cached information on access-decisions via the AVC (Access Vector Cache)
Read more about this topic: Security-Enhanced Linux
Famous quotes containing the word features:
“The features of our face are hardly more than gestures which force of habit made permanent. Nature, like the destruction of Pompeii, like the metamorphosis of a nymph into a tree, has arrested us in an accustomed movement.”
—Marcel Proust (1871–1922)