WEBVTT

00:01.470 --> 00:09.420
In a previous lesson we talked about security contexts and how they are broken up into four different

00:09.450 --> 00:11.640
coal on separated fields.

00:11.820 --> 00:16.720
In this movie we're going to focus on the third field the type.

00:17.490 --> 00:23.400
This type is used by the targeted policy to make it's access control decisions.

00:23.400 --> 00:31.070
Because of this we often say that the targeted policy implements a technology called type enforcement.

00:31.230 --> 00:40.920
The way this works objects with the same security requirements get grouped into the same type then objects

00:40.950 --> 00:45.640
of the same type are allowed to access and interact with each other.

00:45.660 --> 00:53.130
For example if you've ever been to a football game you may have noticed that football fans often get

00:53.130 --> 00:58.040
separated in the stadium by security personnel.

00:58.050 --> 01:03.900
This is normally done to mitigate conflicts and hooliganism.

01:03.900 --> 01:11.970
The same principle applies with security enhanced Linux use in type enforcement processes and configuration

01:11.970 --> 01:20.340
files that are in the same domain can all interact with each other without interference from objects

01:20.370 --> 01:22.770
in other domains.

01:22.770 --> 01:32.930
This way if objects get compromised they can only damage themselves and not the entire system.

01:32.970 --> 01:39.900
If you take a look here you can see we've got a number of files and processes sharing for some type

01:41.310 --> 01:43.510
in the context of processes.

01:43.620 --> 01:47.880
We often refer to type as domain.