Summary of the content on the page No. 1
SUSE Linux Enterprise Server 10 SP1 EAL4
High-Level Design
Version 1.2.1������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
Summary of the content on the page No. 2
Version Author Date Comments 1.0 EJR 3/15/07 First draft based on RHEL5 HLD 1.1 EJR 4/19/07 Updates based on comments from Stephan Mueller and Klaus Weidner 1.2 GCW 4/26/07 Incorporated Stephan's comment to remove racoon 1.2.1 GCW 10/27/08 Added legal matter missing from final draft. Novell, the Novell logo, the N logo, and SUSE are registered trademarks of Novell, Inc. in the United States and other countries. IBM, IBM logo, BladeCenter, eServer, iSeries, i5/OS, OS/400, PowerPC, POWER3, POWER4
Summary of the content on the page No. 3
Table of Contents 1 Introduction....................................................................................................................................................1 1.1 Purpose of this document.......................................................................................................................1 1.2 Document overview ..............................................................................................................................1 1.3 Conventions
Summary of the content on the page No. 4
4.1.2.1 DAC....................................................................................................................................25 4.1.2.2 AppArmor............................................................................................................................26 4.1.2.3 Programs with software privilege.........................................................................................26 4.2 TOE Security Functions software structure............................
Summary of the content on the page No. 5
5.1.5 Discretionary Access Control (DAC)..........................................................................................55 5.1.5.1 Permission bits.....................................................................................................................56 5.1.5.2 Access Control Lists ............................................................................................................57 5.1.6 Asynchronous I/O ........................................................
Summary of the content on the page No. 6
5.3.3.2 Common functions...............................................................................................................76 5.3.3.3 Message queues....................................................................................................................77 5.3.3.4 Semaphores..........................................................................................................................78 5.3.3.5 Shared memory regions.............................................
Summary of the content on the page No. 7
5.5.3 Kernel memory management....................................................................................................142 5.5.3.1 Support for NUMA servers................................................................................................142 5.5.3.2 Reverse map Virtual Memory............................................................................................143 5.5.3.3 Huge Translation Lookaside Buffers.........................................................
Summary of the content on the page No. 8
5.8.3 securityfs....................................................................................................................................174 5.9 Device drivers....................................................................................................................................174 5.9.1 I/O virtualization on System z....................................................................................................175 5.9.1.1 Interpretive-execution facility...........
Summary of the content on the page No. 9
5.11.3.1 agetty................................................................................................................................203 5.11.3.2 gpasswd............................................................................................................................203 5.11.3.3 login.................................................................................................................................203 5.11.3.4 mingetty.........................................
Summary of the content on the page No. 10
5.13.3.2 groupmod.........................................................................................................................232 5.13.3.3 groupdel...........................................................................................................................232 5.13.4 System Time management.......................................................................................................234 5.13.4.1 date.............................................................
Summary of the content on the page No. 11
6.1 Identification and authentication.......................................................................................................251 6.1.1 User identification and authentication data management (IA.1).................................................251 6.1.2 Common authentication mechanism (IA.2)................................................................................251 6.1.3 Interactive login and related mechanisms (IA.3)..................................................
Summary of the content on the page No. 12
6.8 Security enforcing interfaces between subsystems.............................................................................255 6.8.1 Summary of kernel subsystem interfaces ..................................................................................256 6.8.1.1 Kernel subsystem file and I/O............................................................................................257 6.8.1.2 Kernel subsystem process control and management............................................
Summary of the content on the page No. 13
1 Introduction This document describes the High Level Design (HLD) for the SUSE® Linux® Enterprise Server 10 Service Pack 1 operating system. For ease of reading, this document uses the phrase SUSE Linux Enterprise Server and the abbreviation SLES as a synonym for SUSE Linux Enterprise Server 10 SP1. This document summarizes the design and Target of Evaluation Security Functions (TSF) of the SUSE Linux Enterprise Server (SLES) operating system. Used within the Common Criteria evaluation o
Summary of the content on the page No. 14
2 System Overview The Target of Evaluation (TOE) is SUSE Linux Enterprise Server (SLES) running on an IBM eServer host computer. The SLES product is available on a wide range of hardware platforms. This evaluation covers the SLES product on the IBM eServer System x™, System p™, and System z™, and eServer 326 (Opteron). (Throughout this document, SLES refers only to the specific evaluation platforms). Multiple TOE systems can be connected via a physically-protected Local Area Network (LAN).
Summary of the content on the page No. 15
The TOE system provides user Identification and Authentication (I&A) mechanism by requiring each user to log in with proper password at the local workstation, and also at any remote computer where the user can enter commands to a shell program (for example, remote ssh sessions). Each computer enforces a coherent Discretionary Access Control (DAC) policy, based on UNIX®-style mode bits and an optional Access Control List (ACL) for the named objects under its control. This chapter documents th
Summary of the content on the page No. 16
The Common Criteria for Information Technology Security Evaluation [CC] and the Common Methodology for Information Technology Security Evaluation [CEM] demand breaking the TOE into logical subsystems that can be either (a) products, or (b) logical functions performed by the system. The approach in this section is to break the system into structural hardware and software subsystems that include, for example, pieces of hardware such as planars and adapters, or collections of one or more softwa
Summary of the content on the page No. 17
The SLES kernel includes the base kernel and separately-loadable kernel modules and device drivers. (Note that a device driver can also be a kernel module.) The kernel consists of the bootable kernel image and its loadable modules. The kernel implements the system call interface, which provides system calls for file management, memory management, process management, networking, and other TSF (logical subsystems) functions addressed in the Functional Descriptions chapter of this document.
Summary of the content on the page No. 18
2.2.2 eServer system structure The system is an eServer computer, which permits one user at a time to log in to the computer console. Several virtual consoles can be mapped to a single physical console. Different users can login through different virtual consoles simultaneously. The system can be connected to other computers via physically and logically protected LANs. The eServer hardware and the physical LAN connecting the different systems running SLES are not included within the eval
Summary of the content on the page No. 19
Figure 2-3: Local and network services provided by SLES Network services, such as ssh or ftp, involve client-server architecture and a network service-layer protocol. The client-server model splits the software that provides a service into a client portion that makes the request, and a server portion that carries out the request, usually on a different computer. The service protocol is the interface between the client and server. For example, User A can log in at Host 1, and then use ssh
Summary of the content on the page No. 20
Objects are passive repositories of data. The TOE defines three types of objects: named objects, storage objects, and public objects. Named objects are resources, such as files and IPC objects, which can be manipulated by multiple users using a naming convention defined at the TSF interface. A storage object is an object that supports both read and write access by multiple non-trusted subjects. Consistent with these definitions, all named objects are also categorized as storage objects, but
