Previous Next Table of Contents

Linux-Privs

Andrew G. Morgan, `morgan@parc.power.net`

DRAFT v0.10 1997/4/21

This is the specification document for Linux-Privs. It is a "standard" describing the kernel component to a secure system based around a Linux Kernel and is designed to be as compatible with POSIX.1e as is possible without open access to the actual specifications.

1. Introduction

2. Capabilities

2.1 POSIX capabilities
2.2 Linux specific capabilities
2.3 Other capabilities

3. Capability sets

3.1 Sets of capabilities
3.2 Filesystem capabilitiy sets
3.3 Process/task capabilities

4. Access Control Lists (ACL)

5. Mandatory Access Control (MAC)

6. Information Labels (IL)

7. Sensitivity Labels (SL)

8. Integrity checking; system recovery

9. Auditing

9.1 First some kernel infrastructure:
9.2 What audit records should contain?
9.3 Next some Policy (when/what should we audit):
9.4 User level auditing (POSIX):
9.5 Internal kernel auditing facility
9.6 Preserving the audit log
9.7 Auditing policy

10. Process/task credentials

11. Acknowledgements

12. Copyright/license for this document

Previous Next Table of Contents

Linux-Privs

Andrew G. Morgan, morgan@parc.power.net

Andrew G. Morgan, `morgan@parc.power.net`