Selinux Security Software - HEIDENHAIN TNC 620 User Manual

2.7

SELinux security software

SELinux is an extension for Linux-based operating systems.
SELinux is an additional security software package based on
Mandatory Access Control (MAC) and protects the system against
the running of unauthorized processes or functions and therefore
protects against viruses and other malware.
MAC means that each action must be specifically permitted
otherwise the TNC will not run it. The software is intended as
protection in addition to the normal access restriction in Linux.
Certain processes and actions can only be executed if the standard
functions and access control of SELinux permit it.
The SELinux installation of the TNC is prepared to
permit running of only those programs installed with
the HEIDENHAIN NC software. Other programs
cannot be run with the standard installation.
The access control of SELinux under HEROS 5 is regulated as
follows:
The TNC runs only those applications installed with the
HEIDENHAIN NC software
Files in connection with the security of the software (SELinux
system files, HEROS 5 boot files, etc.) may only be changed by
programs that are selected explicitly
New files generated by other programs must never be executed
USB data carriers cannot be deselected
There are only two processes that are permitted to execute new
files:
Starting a software update: A software update from
HEIDENHAIN can replace or change system files
Starting the SELinux configuration: The configuration of
SELinux is usually password-protected by your machine
manufacturer; refer here to the relevant machine manual
HEIDENHAIN recommends activating SELinux
because it provides additional protection against
attacks from outside.
HEIDENHAIN | TNC 620 | Conversational Programming User's Manual | 10/2015
SELinux security software
2
2.7
95