6 selinux security software – HEIDENHAIN iTNC 530 (60642x-03) User Manual
2.6 SELinux security software
SELinux is an extension for Linux-based operating systems. SELinux is an additional security software package based on Mandatory Access Control (MAC) and protects the system against the running of unauthorized processes or functions and therefore protects against viruses and other malware.

MAC means that each action must be specifically permitted; otherwise the TNC will not run it. The software is intended as protection in addition to the normal access restriction in Linux. Certain processes and actions can only be executed if the standard functions and access control of SELinux permit it.

The access control of SELinux under HEROS 5 is regulated as follows:

- The TNC runs only those applications installed with the HEIDENHAIN NC software.
- Files in connection with the safety of the software (SELinux system files, HEROS 5 boot files etc.) may only be changed by programs that are selected explicitly.
- New files generated by other programs must never be executed.
- There are only two processes that are permitted to execute new files:
  - Starting of a software update: A software update from HEIDENHAIN can replace or change system files.
  - Starting of the SELinux configuration: The configuration of SELinux is usually password-protected by your machine tool builder. Refer here to the relevant machine tool manual.

The SELinux installation of the TNC is prepared to permit running of only those programs installed with the HEIDENHAIN NC software. You cannot run other programs with the standard installation.

HEIDENHAIN generally recommends activating SELinux because it provides additional protection against attacks from outside.