SELinux security software

Application

SELinux is an extension for Linux-based operating systems that implements Mandatory Access Control (MAC). The security software protects the system against the execution of unauthorized processes or functions, such as viruses and other malicious software.

The machine manufacturer defines the SELinux settings in the Security Policy Configuration window.

Description of function

The SELinux menu item opens the Security Policy Configuration window. The menu item is in the Operating system group of the Settings application.

The access control of SELinux is regulated as follows by default:
  • The control executes only programs that are installed with the HEIDENHAIN NC software.
  • Only explicitly selected programs can modify safety-relevant files, such as SELinux system files or HEROS boot files.
  • New files created by other programs may not be run.
  • USB data carriers can be deselected.
  • Only two processes can run new files:
    • Software update: A software update from HEIDENHAIN can replace or modify system files.
    • SELinux configuration: The configuration of SELinux with the Security Policy Configuration window is usually password-protected by the machine manufacturer (refer to the relevant machine manual).

Note

HEIDENHAIN recommends using SELinux as additional protection against attacks from outside the network.

Definition

Abbreviation: MAC (mandatory access control)

Definition: MAC means that the control performs only explicitly permitted actions. SELinux is intended as protection in addition to the normal access restriction in Linux. Certain processes and actions can be performed only if the standard functions and access control of SELinux permit it.