HEIDENHAIN TNC 620 User Manual page 426

10
10.7 SELinux security software
SELinux is an extension for Linux-based operating systems. SELinux
is an additional security software in the sense of Mandatory Access
Control (MAC) and protects the system against the execution of
unauthorized processes or functions, and therefore against viruses
and other malware.
MAC means that every action must be explicitly permitted, otherwise
it will not be executed by the control. The software is intended as
protection in addition to the normal access restriction in Linux.
Certain processes and actions can only be executed if the standard
functions and access control of SELinux permit it.
The SELinux installation of the control has been prepared
to permit running only programs installed with the
HEIDENHAIN NC software. Other programs cannot be run
with the standard installation.
The access control of SELinux under HEROS 5 is regulated as
follows:
The control executes only applications that are installed with the
HEIDENHAIN NC software
Files in connection with the security of the software (SELinux
system files, HEROS 5 boot files, etc.), may only be modified by
programs that have been selected explicitly.
New files generated by other programs must never be executed
USB data carriers cannot be deselected
There are only two processes that are permitted to execute new
files:
Starting a software update: A software update from
HEIDENHAIN can replace or change system files
Starting the SELinux configuration: The configuration of
SELinux is usually password-protected by your machine
manufacturer; refer to the relevant machine manual.
HEIDENHAIN recommends activating SELinux because
it provides additional protection against attacks from
outside.
426
HEIDENHAIN | TNC 620 | User's Manual for Setup, Testing and Running NC Programs | 01/2022
HEROS functions | SELinux security software