Type enforcement

from Wikipedia, the free encyclopedia

Under Type Enforcement is defined as a form of implementation of a MAC system's. When defining the access rules, it is not the resources to be protected themselves that are specified , but a type that has been assigned to them.

example

Under SELinux , a group of files to be protected can be assigned a type. For example, you can assign the type var_mqueue_t to all files that are in the mail spool .

If you want to allow a mail server to access these files, you only have to specify the type var_mqueue_t in the access rules instead of file names .

Implementations

SELinux is an extension of the Linux operating system , which implements a type enforcement system.