SELinux Security Policies and Mechanisms

Questions and Answers

What is the main purpose of the Access Vector Cache (AVC) in Security Enhanced Linux?

To improve performance by caching access control decisions (correct)

To store security contexts of persistent entities

To map inodes to security contexts

To integrate security contexts into policy-independent inodes

What is the role of the Object Manager in Security Enhanced Linux?

To map PSIDs to SIDs (correct)

To implement security policies

To cache security contexts

To manage persistent entities

What is a persistent SID (PSID) in Security Enhanced Linux?

A security context of a file system

An object manager-local persistent security identifier (correct)

A bijective mapping of an inode to a security context

A policy-independent security context

What is the purpose of the inode/PSID map in Security Enhanced Linux?

To map inodes to persistent SIDs

What is the role of the Security Server in Security Enhanced Linux?

To provide access control decisions

What is the benefit of using the Access Vector Cache (AVC) in Security Enhanced Linux?

Improved performance

What is the relationship between an inode and a PSID in Security Enhanced Linux?

Bijective mapping

What is the purpose of the PSID/security context mapping in Security Enhanced Linux?

To map a PSID to a security context

Where is the Access Vector Cache (AVC) located in Security Enhanced Linux?

In the Object Manager

What is the role of the Policy Manager in Security Enhanced Linux?

To implement security policies