IBM 10 SP1 EAL4 Server User Manual


 
5 Functional descriptions
The kernel structure, its trusted software, and its Target of Evaluation (TOE) Security Functions (TSF)
databases provide the foundation for the descriptions in this chapter.
5.1 File and I/O management
The file and I/O subsystem is a management system for defining objects on secondary storage devices. The
file and I/O subsystem interacts with the memory subsystem, the network subsystem, the inter-process
communication (IPC) subsystem, the process subsystem, and the device drivers.
A file system is a container for objects on the secondary storage devices. The implementation of the file
system allows for the management of a variety of types of file systems. The file systems supported by the TOE
are ext3, proc, tmpfs, sysfs, devpts, CD-ROM, rootfs, and binfmt_misc.
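The following added example (not part of the original manual or of the TOE) shows how an administrator could check a mount table against the supported file system list above. It assumes `/proc/mounts` format input, uses a constructed sample table, and assumes the page's "CD-ROM" entry corresponds to the kernel type name `iso9660`; the function names are hypothetical.

```python
import re

# File system types the page lists as supported by the TOE. The page says
# "CD-ROM"; mapping it to the kernel type name "iso9660" is an assumption.
TOE_FS_TYPES = {"ext3", "proc", "tmpfs", "sysfs", "devpts",
                "iso9660", "rootfs", "binfmt_misc"}

# Constructed sample in /proc/mounts format (not taken from a real system).
SAMPLE_MOUNTS = """\
rootfs / rootfs rw 0 0
/dev/sda2 / ext3 rw,acl,user_xattr 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
devpts /dev/pts devpts rw,mode=0620,gid=5 0 0
tmpfs /dev/shm tmpfs rw 0 0
/dev/sdb1 /mnt/usb\\040stick vfat rw,uid=1000 0 0
server:/export /home nfs rw,addr=192.0.2.10 0 0
"""


def _unescape(field):
    """Decode the octal escapes (\\040 = space) the kernel uses in mount fields."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text):
    """Yield (device, mount_point, fs_type) for each well-formed line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # blank or truncated line
        yield _unescape(fields[0]), _unescape(fields[1]), fields[2]


def unevaluated_mounts(text, allowed=TOE_FS_TYPES):
    """Return mounts whose file system type is outside the supported list."""
    return [(dev, mnt, fs) for dev, mnt, fs in parse_mounts(text)
            if fs not in allowed]


if __name__ == "__main__":
    for dev, mnt, fs in unevaluated_mounts(SAMPLE_MOUNTS):
        print(f"outside evaluated configuration: {fs} on {mnt!r} ({dev})")
```

On a live system, pass the contents of `/proc/mounts` to `unevaluated_mounts` in place of the sample.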
At the user-interface level, a file system is organized as a tree with a single root, called a directory. A
directory contains other directories and files, which are the leaf nodes of the tree. Files are the primary
containers of user data. Additionally, files can be symbolic links, named pipes, sockets, or special files that
represent devices.
This section briefly describes the SLES file system implementation, and focuses on how file system object
attributes support the kernel’s implementation of the Discretionary Access Checks (DAC) policy. This
section also highlights how file system data and metadata are allocated and initialized to satisfy
the object reuse requirement.
Figure 5-1: File and I/O subsystem and its interaction with other subsystems