6 selinux security software – HEIDENHAIN iTNC 530 (606 42x-02) User Manual

2.6 SELinux security software
SELinux is an extension for Linux-based operating systems. It is an
additional security software package based on Mandatory Access
Control (MAC). It protects the system against the running of
unauthorized processes or functions, and therefore against viruses
and other malware.

MAC means that each action must be specifically permitted; otherwise
the TNC will not run it. The software provides protection in addition
to the normal access restrictions of Linux. Specific processes and
actions are performed only if permitted by both the standard functions
and the SELinux access control.

The SELinux access control in HeROS 5 is regulated as follows:
- The TNC runs only those applications installed with the
  HEIDENHAIN NC software.
- Files concerning the security of the software (SELinux system files,
  HeROS 5 boot files, etc.) may only be changed by explicitly selected
  programs.
- Files newly created by other programs must, as a rule, not be run.

There are only two procedures permitted to run new files:
- Starting a software update
  A HEIDENHAIN software update can replace or change system files.
- Starting the SELinux configuration
  The configuration of SELinux is usually password-protected by
  your machine tool builder. Refer to the relevant machine tool
  manual.

The SELinux installation of the TNC is set up to permit running
only those programs installed with the HEIDENHAIN NC software.
You cannot run other programs with the standard installation.

HEIDENHAIN generally recommends activating SELinux, because it
provides additional protection against external access.