{"id":115502,"date":"2018-08-18T08:05:26","date_gmt":"2018-08-18T00:05:26","guid":{"rendered":"https:\/\/lrxjmw.cn\/?p=115502"},"modified":"2018-08-13T09:23:27","modified_gmt":"2018-08-13T01:23:27","slug":"sysadmin-guide-selinux","status":"publish","type":"post","link":"https:\/\/lrxjmw.cn\/sysadmin-guide-selinux.html","title":{"rendered":"A sysadmin's guide to SELinux"},"content":{"rendered":"

\u201cIt is an important and popular fact that things are not always what they seem \u2026\u201d \u2015Douglas Adams, The Hitchhiker's Guide to the Galaxy<\/p><\/blockquote>\n

Security, hardening, compliance, and policy are the four horsemen of the sysadmin apocalypse. In addition to our daily tasks (monitoring, backup, implementation, tuning, updating, and so forth) we are also in charge of securing our systems, even those systems where the third-party provider tells us to disable the enhanced security. It seems like a job for Mission Impossible's Ethan Hunt<\/a>[1]<\/span>.<\/p>\n

Faced with this dilemma, some sysadmins decide to take the blue pill<\/a>[2]<\/span>, because they think they will never know the answer to the big question of life, the universe, and everything else. And, as we all know, that answer is 42<\/a>[3]<\/span><\/strong>.<\/p>\n

In the spirit of The Hitchhiker's Guide to the Galaxy, here are the 42 answers to the big questions about managing and using SELinux<\/a>[4]<\/span> on your systems.<\/p>\n

    \n
  1. SELinux is a labeling system, which means every process has a label. Every file, directory, and system object has a label. Policy rules control access between labeled processes and labeled objects. The kernel enforces these rules.<\/li>\n
  2. The two most important concepts are labeling (files, processes, ports, etc.) and type enforcement (which isolates processes from each other based on their types).<\/li>\n
  3. The correct label format is user:role:type:level<\/span> (optional).<\/li>\n
  4. The purpose of Multi-Level Security<\/rt><\/ruby> (MLS) enforcement is to control processes (domains) based on the security level of the data they use. For example, a secret process cannot read top-secret data.<\/li>\n
  5. Multi-Category Security<\/rt><\/ruby> (MCS) enforcement protects similar processes from each other (such as virtual machines, OpenShift gears, SELinux sandboxes, containers, etc.).<\/li>\n
  6. Kernel parameters for changing the SELinux mode at boot:\n