Introduction: 2.6 SELinux security software – HEIDENHAIN TNC 620 (81760x-01) ISO programming User Manual


TNC 620 | User's Manual for DIN/ISO Programming | 3/2014

2.6 SELinux security software

SELinux is an extension for Linux-based operating systems. SELinux is an additional security software package based on Mandatory Access Control (MAC) and protects the system against the running of unauthorized processes or functions and therefore protects against viruses and other malware.

MAC means that each action must be specifically permitted; otherwise the TNC will not run it. The software is intended as protection in addition to the normal access restriction in Linux. Certain processes and actions can only be executed if the standard functions and access control of SELinux permit it.

The SELinux installation of the TNC is prepared to permit running of only those programs installed with the HEIDENHAIN NC software. Other programs cannot be run with the standard installation.

The access control of SELinux under HEROS 5 is regulated as follows:

- The TNC runs only those applications installed with the HEIDENHAIN NC software.
- Files in connection with the safety of the software (SELinux system files, HEROS 5 boot files etc.) may only be changed by programs that are selected explicitly.
- New files generated by other programs must never be executed.
- There are only two processes that are permitted to execute new files:
  - Starting a software update: A software update from HEIDENHAIN can replace or change system files.
  - Starting the SELinux configuration: The configuration of SELinux is usually password-protected by your machine tool builder. Refer here to the relevant machine tool manual.

HEIDENHAIN generally recommends activating SELinux because it provides additional protection against attacks from outside.
