6 selinux security software – HEIDENHAIN iTNC 530 (60642x-03) ISO programming User Manual

2.6 SELinux security software

SELinux is an extension for Linux-based operating systems. SELinux
is an additional security software package based on Mandatory
Access Control (MAC) and protects the system against the running of
unauthorized processes or functions and therefore protects against
viruses and other malware.

MAC means that each action must be specifically permitted; otherwise
the TNC will not run it. The software is intended as protection in
addition to the normal access restriction in Linux. Certain processes
and actions can only be executed if the standard functions and access
control of SELinux permit it.

The access control of SELinux under HEROS 5 is regulated as follows:

The TNC runs only those applications installed with the
HEIDENHAIN NC software.

Files in connection with the safety of the software (SELinux system
files, HEROS 5 boot files etc.) may only be changed by programs
that are selected explicitly.

New files generated by other programs must never be executed.

There are only two processes that are permitted to execute new
files:

Starting of a software update
A software update from HEIDENHAIN can replace or change
system files.

Starting of the SELinux configuration
The configuration of SELinux is usually password-protected by
your machine tool builder. Refer here to the relevant machine tool
manual.
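
The rules above map onto SELinux type enforcement, where any access without an allow rule is denied. The policy module below is an added sketch of how such rules can be written; it is not HEIDENHAIN's policy or anything taken from HEROS 5, and every type and attribute name in it is hypothetical.

```selinux
# Added illustration only: all type and attribute names are hypothetical.
module tnc_rules_example 1.0;

require {
    class file { create write open read getattr execute execute_no_trans entrypoint };
    class dir { search write add_name };
}

attribute example_domain;            # every process domain in this sketch

type nc_app_t, example_domain;       # applications installed with the NC software
type nc_app_exec_t;                  # executable files of those applications
type other_prog_t, example_domain;   # any other program
type updater_t, example_domain;      # software update process
type seconfig_t, example_domain;     # SELinux configuration process
type security_file_t;                # SELinux system files, boot files
type data_dir_t;                     # directory in which programs may create files
type new_file_t;                     # label given to newly generated files

# Rule 1: the installed applications may be started from their own executables.
allow nc_app_t nc_app_exec_t:file { read getattr open execute entrypoint };

# Rule 2: only explicitly selected programs may change security-relevant files.
allow updater_t security_file_t:file { open read getattr write };
allow seconfig_t security_file_t:file { open read getattr write };
neverallow { example_domain -updater_t -seconfig_t } security_file_t:file write;

# Rule 3: a file created by another program is labelled new_file_t.
# The program may write and read it, but no rule grants it execute.
allow other_prog_t data_dir_t:dir { search write add_name };
type_transition other_prog_t data_dir_t:file new_file_t;
allow other_prog_t new_file_t:file { create write open read getattr };

# The two permitted processes are the only domains allowed to execute new files.
allow updater_t new_file_t:file { read getattr open execute execute_no_trans };
allow seconfig_t new_file_t:file { read getattr open execute execute_no_trans };

# Policy-build assertion: an allow rule added later that lets any other
# domain execute new files makes the policy fail the neverallow check.
neverallow { example_domain -updater_t -seconfig_t } new_file_t:file { execute execute_no_trans entrypoint };
```

The neverallow statements do not deny anything at run time; denial already follows from the missing allow rules, and the assertions only stop a later policy change from adding them.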

The SELinux installation of the TNC is prepared to permit
running of only those programs installed with the
HEIDENHAIN NC software. You cannot run other
programs with the standard installation.

HEIDENHAIN generally recommends activating SELinux
because it provides additional protection against attacks
from outside.
