WARNING:
JavaScript is turned OFF. None of the links on this concept map will
work until it is reactivated.
If you need help turning JavaScript On, click here.
This Concept Map, created with IHMC CmapTools, has information related to: Application and OS Protection, Linux Namespaces some kinds are Network Namespaces, Permission Bitmaps kinds Inheritable (bits), Access Control Lists used by Normal Desktops, Access Control kind Role Based Access Control, Linux Namespaces used by firejail, Discretionary Access Control (User grants permission to resources they won) uses Access Control Lists, Permission Bitmaps kinds Permitted (bits), Linux has Linux Namespaces, Linux has SELinux, Capabilities kind POSIX Capabilities, Linux Namespaces some kinds are UTS Namespaces (host/domain), seccomp-bpf (Secure Computing mode Berkeley Packet Filter style) used by firejail, Linux Namespaces basis of Linux Containers, seccomp-bpf (Secure Computing mode Berkeley Packet Filter style) prevents TOCTOU problem (Time of check to Time of Use), Access Control kind Discretionary Access Control (User grants permission to resources they won), Permission Bitmaps attached to Processes, seccomp does One way process-voluntary capability restriction, seccomp is extended by seccomp-bpf (Secure Computing mode Berkeley Packet Filter style), seccomp via prctl() call, seccomp-bpf (Secure Computing mode Berkeley Packet Filter style) does System call filtering