IBM 10 SP1 EAL4 Server User Manual


 
4.1.2.1 DAC....................................................................................................................................25
4.1.2.2 AppArmor............................................................................................................................26
4.1.2.3 Programs with software privilege.........................................................................................26
4.2 TOE Security Functions software structure.........................................................................................27
4.2.1 Kernel TSF software....................................................................................................................28
4.2.1.1 Logical components.............................................................................................................29
4.2.1.2 Execution components.........................................................................................................30
4.2.2 Non-kernel TSF software.............................................................................................................31
4.3 TSF databases......................................................................................................................................34
4.4 Definition of subsystems for the CC evaluation...................................................................................34
4.4.1 Hardware......................................................................................................................................35
4.4.2 Firmware......................................................................................................................................35
4.4.3 Kernel subsystems........................................................................................................................35
4.4.4 Trusted process subsystems..........................................................................................................35
4.4.5 User-level audit subsystem...........................................................................................................36
5 Functional descriptions................................................................................................................................38
5.1 File and I/O management.....................................................................................................................38
5.1.1 Virtual File System......................................................................................................................39
5.1.1.1 Pathname translation............................................................................................................41
5.1.1.2 open()...................................................................................................................................44
5.1.1.3 write()...................................................................................................................................45
5.1.1.4 mount().................................................................................................................................45
5.1.1.5 Shared subtrees....................................................................................................................46
5.1.2 Disk-based file systems................................................................................................................46
5.1.2.1 Ext3 file system....................................................................................................................47
5.1.2.2 ISO 9660 file system for CD-ROM......................................................................................51
5.1.3 Pseudo file systems......................................................................................................................52
5.1.3.1 procfs...................................................................................................................................52
5.1.3.2 tmpfs....................................................................................................................................53
5.1.3.3 sysfs.....................................................................................................................................53
5.1.3.4 devpts...................................................................................................................................53
5.1.3.5 rootfs....................................................................................................................................54
5.1.3.6 binfmt_misc.........................................................................................................................54
5.1.3.7 securityfs..............................................................................................................................54
5.1.3.8 configfs................................................................................................................................55
5.1.4 inotify...........................................................................................................................................55
4