SELinux Security Policies and Mechanisms

Questions and Answers

What is the main purpose of the Access Vector Cache (AVC) in Security Enhanced Linux?

• To improve performance by caching access control decisions (correct)
• To store security contexts of persistent entities
• To map inodes to security contexts
• To integrate security contexts into policy-independent inodes

What is the role of the Object Manager in Security Enhanced Linux?

• To map PSIDs to SIDs (correct)
• To implement security policies
• To cache security contexts
• To manage persistent entities

What is a persistent SID (PSID) in Security Enhanced Linux?

• A security context of a file system
• An object manager-local persistent security identifier (correct)
• A bijective mapping of an inode to a security context
• A policy-independent security context

What is the purpose of the inode/PSID map in Security Enhanced Linux?

To map inodes to persistent SIDs (D)

What is the role of the Security Server in Security Enhanced Linux?

To provide access control decisions (D)

What is the benefit of using the Access Vector Cache (AVC) in Security Enhanced Linux?

Improved performance (B)

What is the relationship between an inode and a PSID in Security Enhanced Linux?

Bijective mapping (C)

What is the purpose of the PSID/security context mapping in Security Enhanced Linux?

To map a PSID to a security context (B)

Where is the Access Vector Cache (AVC) located in Security Enhanced Linux?

In the Object Manager (B)

What is the role of the Policy Manager in Security Enhanced Linux?

To implement security policies (C)