Base Domains and Base Resources

Base domains and base resources provide access to security policy rules already defined in the base security policy provided by the SELinux Reference Policy. Graphically, base domains are squares like regular domains – but with dashed lines instead of solid lines. Similarly, base resources are circles – like shared resources but use dashed lines instead of solid lines.

Below is the graphical representation of the base resource, etc_files.

Below is the graphical representation of the base domain, init.

Base domains and base resources can be incorporated in the CDS security architecture in the same way as any other domain or resource except for the following two limitations.

1. They can only be defined at the top level security architecture, i.e. they cannot be defined within another domain.
2. Base domains cannot be decomposed.

©2005 - 2008 Tresys Technology, LLC
Patent Pending