User manual table of contents

1 Introduction   13
  1.1 Purpose of this document   13
  1.2 Document overview   13
  1.3 Conventions used in this document   13
  1.4 Terminology   13
2 System Overview   14
  2.1 Product history   15
    2.1.1 SUSE Linux Enterprise Server   15
    2.1.2 eServer systems   15
  2.2 High-level product overview   15
    2.2.1 eServer host computer structure   16
    2.2.2 eServer system structure   18
    2.2.3 TOE services   18
    2.2.4 Security policy   19
    2.2.5 Operation and administration   20
    2.2.6 TSF interfaces   20
  2.3 Approach to TSF identification   21
3 Hardware architecture   24
  3.1 System x   24
    3.1.1 System x hardware overview   24
    3.1.2 System x hardware architecture   24
  3.2 System p   25
    3.2.1 System p hardware overview   25
    3.2.2 System p hardware architecture   25
  3.3 System z   26
    3.3.1 System z hardware overview   26
    3.3.2 System z hardware architecture   26
  3.4 eServer 326   27
    3.4.1 eServer 326 hardware overview   27
    3.4.2 eServer 326 hardware architecture   27
4 Software architecture   30
  4.1 Hardware and software privilege   30
    4.1.1 Hardware privilege   30
      4.1.1.1 Privilege level   30
    4.1.2 Software privilege   32
      4.1.2.1 DAC   33
        4.1.2.1.1 Subjects and objects   33
        4.1.2.1.2 Attributes   33
        4.1.2.1.3 Access control rules   33
        4.1.2.1.4 Software privilege   33
      4.1.2.2 AppArmor   33
      4.1.2.3 Programs with software privilege   34
  4.2 TOE Security Functions software structure   34
    4.2.1 Kernel TSF software   35
      4.2.1.1 Logical components   36
      4.2.1.2 Execution components   37
        4.2.1.2.1 Base kernel   37
        4.2.1.2.2 Kernel threads   37
        4.2.1.2.3 Kernel modules and device drivers   38
    4.2.2 Non-kernel TSF software   38
  4.3 TSF databases   40
  4.4 Definition of subsystems for the CC evaluation   40
    4.4.1 Hardware   41
    4.4.2 Firmware   41
    4.4.3 Kernel subsystems   41
    4.4.4 Trusted process subsystems   41
    4.4.5 User-level audit subsystem   42
5 Functional descriptions   44
  5.1 File and I/O management   44
    5.1.1 Virtual File System   45
      5.1.1.1 Pathname translation   47
      5.1.1.2 open()   49
      5.1.1.3 write()   50
      5.1.1.4 mount()   50
      5.1.1.5 Shared subtrees   50
    5.1.2 Disk-based file systems   51
      5.1.2.1 Ext3 file system   51
        5.1.2.1.1 Extended Attributes   51
          5.1.2.1.1.1 Access Control Lists   52
        5.1.2.1.2 Data structures   52
      5.1.2.2 ISO 9660 file system for CD-ROM   55
        5.1.2.2.1 Data structures and algorithms   55
    5.1.3 Pseudo file systems   56
      5.1.3.1 procfs   56
      5.1.3.2 tmpfs   56
      5.1.3.3 sysfs   57
      5.1.3.4 devpts   57
      5.1.3.5 rootfs   57
      5.1.3.6 binfmt_misc   58
      5.1.3.7 securityfs   58
      5.1.3.8 configfs   58
    5.1.4 inotify   58
    5.1.5 Discretionary Access Control (DAC)   58
      5.1.5.1 Permission bits   59
      5.1.5.2 Access Control Lists   60
        5.1.5.2.1 Types of ACL tags   60
        5.1.5.2.2 ACL qualifier   60
        5.1.5.2.3 ACL permissions   61
        5.1.5.2.4 Relationship to file permission bits   61
        5.1.5.2.5 ACL_MASK   61
        5.1.5.2.6 Default ACLs and ACL inheritance   61
        5.1.5.2.7 ACL representations and interfaces   61
        5.1.5.2.8 ACL enforcement   62
    5.1.6 Asynchronous I/O   63
    5.1.7 I/O scheduler   63
      5.1.7.1 Deadline I/O scheduler   64
      5.1.7.2 Anticipatory I/O scheduler   64
      5.1.7.3 Completely Fair Queuing scheduler   64
      5.1.7.4 Noop I/O scheduler   65
    5.1.8 I/O interrupts   65
      5.1.8.1 Top halves   65
      5.1.8.2 Bottom halves   65
      5.1.8.3 Softirqs   65
      5.1.8.4 Tasklets   66
      5.1.8.5 Work queue   66
    5.1.9 Processor interrupts   66
    5.1.10 Machine check   66
  5.2 Process control and management   67
    5.2.1 Data structures   67
    5.2.2 Process creation and destruction   69
      5.2.2.1 Control of child processes   69
      5.2.2.2 DAC controls   69
        5.2.2.2.1 setuid() and setgid()   69
        5.2.2.2.2 seteuid() and setegid()   69
        5.2.2.2.3 setreuid() and setregid()   69
        5.2.2.2.4 setresuid() and setresgid()   70
      5.2.2.3 execve()   70
      5.2.2.4 do_exit()   70
    5.2.3 Process switch   70
    5.2.4 Kernel threads   70
    5.2.5 Scheduling   71
    5.2.6 Kernel preemption   72
  5.3 Inter-process communication   73
    5.3.1 Pipes   74
      5.3.1.1 Data structures and algorithms   74
    5.3.2 First-In First-Out Named pipes   75
      5.3.2.1 FIFO creation   75
      5.3.2.2 FIFO open   76
    5.3.3 System V IPC   76
      5.3.3.1 Common data structures   76
      5.3.3.2 Common functions   77
        5.3.3.2.1 ipc_alloc()   77
        5.3.3.2.2 ipcperms()   77
      5.3.3.3 Message queues   77
        5.3.3.3.1 msg_queue   77
        5.3.3.3.2 msg_msg   77
        5.3.3.3.3 msgget()   78
        5.3.3.3.4 msgsnd()   78
        5.3.3.3.5 msgrcv()   78
        5.3.3.3.6 msgctl()   78
      5.3.3.4 Semaphores   78
        5.3.3.4.1 sem_array   78
        5.3.3.4.2 semget()   78
        5.3.3.4.3 semop()   78
        5.3.3.4.4 semctl()   79
      5.3.3.5 Shared memory regions   79
        5.3.3.5.1 shmid_kernel   79
        5.3.3.5.2 shmget()   79
        5.3.3.5.3 shmat()   79
        5.3.3.5.4 shmdt()   79
        5.3.3.5.5 shmctl()   79
    5.3.4 Signals   80
      5.3.4.1 Data structures   80
      5.3.4.2 Algorithms   80
    5.3.5 Sockets   80
  5.4 Network subsystem   81
    5.4.1 Overview of the network protocol stack   82
    5.4.2 Transport layer protocols   84
      5.4.2.1 TCP   84
      5.4.2.2 UDP   84
    5.4.3 Network layer protocols   84
      5.4.3.1 Internet Protocol Version 4 (IPv4)   84
      5.4.3.2 Internet Protocol Version 6 (IPv6)   84
        5.4.3.2.1 Addressing   85
        5.4.3.2.2 IPv6 Header   85
        5.4.3.2.3 Flow Labels   86
        5.4.3.2.4 Security   86
      5.4.3.3 Transition between IPv4 and IPv6   86
      5.4.3.4 IP Security (IPsec)   86
        5.4.3.4.1 Functional Description of IPsec   87
          5.4.3.4.1.1 AH Protocol (AH)   87
          5.4.3.4.1.2 Encapsulating Security Payload Protocol (ESP)   88
          5.4.3.4.1.3 Security Associations   89
          5.4.3.4.1.4 Security Policy   89
          5.4.3.4.1.5 SA, SP, and Key Management   89
          5.4.3.4.1.6 Internet Key Exchange Protocol (IKE)   89
          5.4.3.4.1.7 Socket API   89
          5.4.3.4.1.8 Cryptographic subsystem   90
    5.4.4 Internet Control Message Protocol (ICMP)   90
      5.4.4.1 Link layer protocols   90
        5.4.4.1.1 Address Resolution Protocol (ARP)   91
    5.4.5 Network services interface   91
      5.4.5.1 socket()   92
      5.4.5.2 bind()   92
      5.4.5.3 listen()   93
      5.4.5.4 accept()   93
      5.4.5.5 connect()   93
      5.4.5.6 Generic calls   94
      5.4.5.7 Access control   94
  5.5 Memory management   94
    5.5.1 Four-Level Page Tables   96
    5.5.2 Memory addressing   97
      5.5.2.1 System x   97
        5.5.2.1.1 Segmentation   99
        5.5.2.1.2 Paging   100
          5.5.2.1.2.1 Paging in the SLES kernel   102
          5.5.2.1.2.2 Access control for control transfers through call gates   102
          5.5.2.1.2.3 Translation lookaside buffers   103
          5.5.2.1.2.4 Address translations in 64-bit mode   103
          5.5.2.1.2.5 Paging in EM64T   103
      5.5.2.2 System p   104
        5.5.2.2.1 Address Translation on LPARs   108
        5.5.2.2.2 Hypervisor   108
        5.5.2.2.3 Real mode addressing   108
        5.5.2.2.4 Virtual mode addressing   109
        5.5.2.2.5 Access to I/O address space   109
        5.5.2.2.6 Direct Memory Access addressing   109
        5.5.2.2.7 Run-Time Abstraction Services   110
        5.5.2.2.8 Preventing denial of service   110
      5.5.2.3 System p native mode   110
        5.5.2.3.1 Machine State Register   112
        5.5.2.3.2 Page descriptor   113
        5.5.2.3.3 Segment descriptor   113
        5.5.2.3.4 Block descriptor   113
        5.5.2.3.5 Address translation mechanisms   114
        5.5.2.3.6 Page Address Translation and access control   115
      5.5.2.4 System z   118
        5.5.2.4.1 Native hardware mode   118
        5.5.2.4.2 LPAR mode   118
        5.5.2.4.3 z/VM Guest mode   118
        5.5.2.4.4 Address types   118
        5.5.2.4.5 Address sizes   119
        5.5.2.4.6 Address spaces   119
        5.5.2.4.7 Address translations   119
          5.5.2.4.7.1 Dynamic address translation   120
          5.5.2.4.7.2 Prefixing   122
        5.5.2.4.8 Memory protection mechanisms   123
          5.5.2.4.8.1 Low-address protection   123
          5.5.2.4.8.2 Page table protection   124
          5.5.2.4.8.3 Key-controlled protection   127
      5.5.2.5 eServer 326   128
        5.5.2.5.1 Logical address   128
        5.5.2.5.2 Effective address   129
        5.5.2.5.3 Linear address   129
        5.5.2.5.4 Physical address   129
        5.5.2.5.5 Segmentation   129
          5.5.2.5.5.1 Access control for data access   130
          5.5.2.5.5.2 Access control for stack segments   130
          5.5.2.5.5.3 Access control for direct control transfer   130
          5.5.2.5.5.4 Access control for control transfers through call gates   131
          5.5.2.5.5.5 Access control through type check   131
        5.5.2.5.6 Paging   131
        5.5.2.5.7 Translation Lookaside Buffers   135
    5.5.3 Kernel memory management   135
      5.5.3.1 Support for NUMA servers   136
      5.5.3.2 Reverse map Virtual Memory   136
      5.5.3.3 Huge Translation Lookaside Buffers   137
      5.5.3.4 Remap_file_pages   139
      5.5.3.5 Page frame management   139
      5.5.3.6 Memory area management   140
      5.5.3.7 Noncontiguous memory area management   140
    5.5.4 Process address space   140
    5.5.5 Symmetric multiprocessing and synchronization   142
      5.5.5.1 Atomic operations   142
      5.5.5.2 Memory barriers   142
      5.5.5.3 Spin locks   143
      5.5.5.4 Kernel semaphores   143
  5.6 Audit subsystem   143
    5.6.1 Audit components   143
      5.6.1.1 Audit kernel components   144
        5.6.1.1.1 Kernel-userspace interface   144
        5.6.1.1.2 Syscall auditing   145
        5.6.1.1.3 Filesystem watches   145
        5.6.1.1.4 Task structure   145
        5.6.1.1.5 Audit context fields   146
      5.6.1.2 File system audit components   147
      5.6.1.3 User space audit components   148
    5.6.2 Audit operation and configuration options   149
      5.6.2.1 Configuration   149
      5.6.2.2 Operation   151
    5.6.3 Audit records   152
      5.6.3.1 Audit record generation   152
        5.6.3.1.1 Kernel record generation   152
        5.6.3.1.2 Syscall audit record generation   153
          5.6.3.1.2.1 System call interface intercept functions   153
        5.6.3.1.3 File system audit record generation   154
        5.6.3.1.4 Socket call and IPC audit record generation   155
        5.6.3.1.5 Record generation by trusted programs   155
      5.6.3.2 Audit record format   155
    5.6.4 Audit tools   158
      5.6.4.1 auditctl   158
      5.6.4.2 ausearch   158
    5.6.5 Login uid association   158
  5.7 Kernel modules   158
    5.7.1 Linux Security Module framework   159
    5.7.2 LSM capabilities module   161
    5.7.3 LSM AppArmor module   161
  5.8 AppArmor   161
    5.8.1 AppArmor administrative utilities   162
    5.8.2 AppArmor access control functions   163
    5.8.3 securityfs   163
  5.9 Device drivers   164
    5.9.1 I/O virtualization on System z   164
      5.9.1.1 Interpretive-execution facility   164
      5.9.1.2 State description   165
      5.9.1.3 Hardware virtualization and simulation   166
    5.9.2 Character device driver   166
    5.9.3 Block device driver   167
  5.10 System initialization   168
    5.10.1 init   168
    5.10.2 System x   169
      5.10.2.1 Boot methods   170
      5.10.2.2 Boot loader   170
      5.10.2.3 Boot process   170
    5.10.3 System p   173
      5.10.3.1 Boot methods   173
      5.10.3.2 Boot loader   173
      5.10.3.3 Boot process   173
    5.10.4 System p in LPAR   175
      5.10.4.1 Boot process   176
    5.10.5 System z   178
      5.10.5.1 Boot methods   178
      5.10.5.2 Control program   178
      5.10.5.3 Boot process   178
    5.10.6 eServer 326   180
      5.10.6.1 Boot methods   180
      5.10.6.2 Boot loader   181
      5.10.6.3 Boot process   181
  5.11 Identification and authentication   183
    5.11.1 Pluggable Authentication Module   184
      5.11.1.1 Overview   184
      5.11.1.2 Configuration terminology   185
      5.11.1.3 Modules   185
    5.11.2 Protected databases   187
      5.11.2.1 Access control rules   188
        5.11.2.1.1 DAC   188
        5.11.2.1.2 Software privilege   188
    5.11.3 Trusted commands and trusted processes   188
      5.11.3.1 agetty   188
      5.11.3.2 gpasswd   189
      5.11.3.3 login   189
      5.11.3.4 mingetty   190
      5.11.3.5 newgrp   190
      5.11.3.6 passwd   191
      5.11.3.7 su   191
    5.11.4 Interaction with audit   192
  5.12 Network applications   192
    5.12.1 OpenSSL Secure socket-layer interface   192
      5.12.1.1 Concepts   194
        5.12.1.1.1 Encryption   194
          5.12.1.1.1.1 Encryption with symmetric keys   195
          5.12.1.1.1.2 Encryption with asymmetric keys   195
        5.12.1.1.2 Message digest   197
        5.12.1.1.3 Message Authentication Code (MAC)   197
        5.12.1.1.4 Digital certificates and certificate authority   197
      5.12.1.2 SSL architecture   197
        5.12.1.2.1 SSL handshake protocol   198
      5.12.1.3 OpenSSL algorithms   200
      5.12.1.4 Symmetric ciphers   200
        5.12.1.4.1 Asymmetric ciphers   201
        5.12.1.4.2 Certificates   201
        5.12.1.4.3 Hash functions   201
    5.12.2 Secure Shell   202
      5.12.2.1 SSH client   203
      5.12.2.2 SSH server daemon   203
    5.12.3 Very Secure File Transfer Protocol daemon   204
    5.12.4 CUPS   204
      5.12.4.1 cupsd   205
      5.12.4.2 ping   206
      5.12.4.3 ping6   206
      5.12.4.4 openssl   206
      5.12.4.5 stunnel   207
      5.12.4.6 xinetd   208
  5.13 System management   208
    5.13.1 Account Management   208
      5.13.1.1 chage   208
      5.13.1.2 chfn   209
      5.13.1.3 chsh   209
    5.13.2 User management   210
      5.13.2.1 useradd   210
      5.13.2.2 usermod   210
      5.13.2.3 userdel   211
    5.13.3 Group management   212
      5.13.3.1 groupadd   212
      5.13.3.2 groupmod   213
      5.13.3.3 groupdel   213
    5.13.4 System Time management   215
      5.13.4.1 date   215
      5.13.4.2 hwclock   215
    5.13.5 Other System Management   215
      5.13.5.1 AMTU   215
        5.13.5.1.1 Memory   216
        5.13.5.1.2 Memory separation   216
        5.13.5.1.3 I/O controller and network   216
        5.13.5.1.4 I/O controller and disk   216
        5.13.5.1.5 Supervisor mode instructions   216
          5.13.5.1.5.1 System p   217
          5.13.5.1.5.2 System z   217
          5.13.5.1.5.3 System x   217
          5.13.5.1.5.4 eServer 326   218
        5.13.5.1.6 AMTU output   218
      5.13.5.2 star   218
    5.13.6 I&A support   220
      5.13.6.1 pam_tally   220
      5.13.6.2 unix_chkpwd   220
  5.14 Batch processing   220
    5.14.1 Batch processing user commands   220
      5.14.1.1 crontab   220
      5.14.1.2 at   221
    5.14.2 Batch processing daemons   222
      5.14.2.1 cron   222
      5.14.2.2 atd   222
  5.15 User-level audit subsystem   223
    5.15.1 Audit daemon   223
    5.15.2 Audit utilities   223
      5.15.2.1 aureport   223
      5.15.2.2 ausearch   224
      5.15.2.3 autrace   224
    5.15.3 Audit configuration files   224
    5.15.4 Audit logs   224
  5.16 Supporting functions   225
    5.16.1 TSF libraries   225
    5.16.2 Library linking mechanism   227
    5.16.3 System call linking mechanism   227
      5.16.3.1 System x   227
      5.16.3.2 System p   228
      5.16.3.3 System z   228
      5.16.3.4 eServer 326   228
    5.16.4 System call argument verification   228
6 Mapping the TOE summary specification to the High-Level Design   230
  6.1 Identification and authentication   230
    6.1.1 User identification and authentication data management (IA.1)   230
    6.1.2 Common authentication mechanism (IA.2)   230
    6.1.3 Interactive login and related mechanisms (IA.3)   230
    6.1.4 User identity changing (IA.4)   230
    6.1.5 Login processing (IA.5)   230
  6.2 Audit   230
    6.2.1 Audit configuration (AU.1)   230
    6.2.2 Audit processing (AU.2)   230
    6.2.3 Audit record format (AU.3)   231
    6.2.4 Audit post-processing (AU.4)   231
  6.3 Discretionary Access Control   231
    6.3.1 General DAC policy (DA.1)   231
    6.3.2 Permission bits (DA.2)   231
    6.3.3 ACLs (DA.3)   231
    6.3.4 DAC: IPC objects (DA.4)   231
  6.4 Object reuse   231
    6.4.1 Object reuse: file system objects (OR.1)   231
    6.4.2 Object reuse: IPC objects (OR.2)   231
    6.4.3 Object reuse: memory objects (OR.3)   231
  6.5 Security management   231
    6.5.1 Roles (SM.1)   232
    6.5.2 Access control configuration and management (SM.2)   232
    6.5.3 Management of user, group and authentication data (SM.3)   232
    6.5.4 Management of audit configuration (SM.4)   232
    6.5.5 Reliable time stamps (SM.5)   232
  6.6 Secure communications   232
    6.6.1 Secure protocols (SC.1)   232
  6.7 TSF protection   232
    6.7.1 TSF invocation guarantees (TP.1)   232
    6.7.2 Kernel (TP.2)   232
    6.7.3 Kernel modules (TP.3)   232
    6.7.4 Trusted processes (TP.4)   233
    6.7.5 TSF Databases (TP.5)   233
    6.7.6 Internal TOE protection mechanisms (TP.6)   233
    6.7.7 Testing the TOE protection mechanisms (TP.7)   233
  6.8 Security enforcing interfaces between subsystems   233
    6.8.1 Summary of kernel subsystem interfaces   234
      6.8.1.1 Kernel subsystem file and I/O   234
        6.8.1.1.1 External Interfaces   234
        6.8.1.1.2 Internal Interfaces   235
        6.8.1.1.4 Data Structures   236
      6.8.1.2 Kernel subsystem process control and management   236
        6.8.1.2.1 External interfaces (system calls)   236
        6.8.1.2.2 Internal Interfaces   237
        6.8.1.2.3 Data Structures   237
      6.8.1.3 Kernel subsystem inter-process communication   237
        6.8.1.3.1 External interfaces (system calls)   238
        6.8.1.3.2 Internal Interfaces   238
        6.8.1.3.3 Data Structures   238
      6.8.1.4 Kernel subsystem networking   239
        6.8.1.4.1 External interfaces (system calls)   239
        6.8.1.4.2 Internal interfaces   239
        6.8.1.4.3 Data Structures   239
      6.8.1.5 Kernel subsystem memory management   239
        6.8.1.5.1 External interfaces (system calls)   239
        6.8.1.5.2 Internal interfaces   240
        6.8.1.5.3 Data Structures   240
      6.8.1.6 Kernel subsystem audit   240
        6.8.1.6.1 External interfaces   240
        6.8.1.6.2 Internal interfaces   240
        6.8.1.6.3 Data structures   241
      6.8.1.7 Kernel subsystem device drivers   241
        6.8.1.7.1 External interfaces (system calls)   241
        6.8.1.7.2 Internal interfaces   241
          6.8.1.7.2.1 Character Devices   242
          6.8.1.7.2.2 Block Devices   242
        6.8.1.7.3 Data structures   243
      6.8.1.8 Kernel subsystems kernel modules   243
        6.8.1.8.1 External interfaces (system calls)   243
        6.8.1.8.2 Internal interfaces   243
        6.8.1.8.3 Data structures   243
    6.8.2 Summary of trusted processes interfaces   243
7 References   244

File size: 2.9 MB. Pages: 246. Language: English.