6.7.4 Trusted processes (TP.4)
Section 4.2.2 provides details on the non-kernel trusted process on the SLES system.
6.7.5 TSF Databases (TP.5)
Section 4.3 provides details on the TSF databases on the SUSE Linux Enterprise Server system.
6.7.6 Internal TOE protection mechanisms (TP.6)
Section 4.1.1 describes hardware privilege implementation for the System x, System p, System z and Opteron
eServer 326. Section 5.5 describes memory management and protection. Section 5.2 describes process
control and management.
6.7.7 Testing the TOE protection mechanisms (TP.7)
Section 5.13 describes the AMTU tool, available to the administrative user, for testing the protection features of the
underlying abstract machine.
6.8 Security enforcing interfaces between subsystems
This section identifies the security enforcing interfaces between subsystems in the high level design of SLES.
The individual functions exported by each subsystem are described with the subsystem itself. This section
therefore only discusses in general how the individual subsystems work together to provide the security
functions of the TOE. This section is mainly used to identify those internal interfaces between subsystems
that are security enforcing in the sense that the subsystems work together to provide a defined security
function. Interfaces that are not security enforcing are interfaces between subsystems where the interface is
not used to implement a security function.
There is also the situation where a kernel subsystem A invokes functions from another kernel subsystem B
using the external interface of the kernel subsystem. This, for example, is the case when a kernel subsystem
needs to open and read or write files, using the File and I/O kernel subsystem, or when a kernel subsystem
sets the user ID or group ID of a process, using the Process Control subsystem.
In those cases, all the security checks performed by those interface functions apply. Note that a system call
function in the kernel operates with the real and effective user ID and group ID of the caller unless the kernel
function that implements the system call changes this.
This section describes the interfaces between subsystems, but it only discusses interfaces between kernel
components that directly implement security functions. Note that kernel subsystems can use the kernel
internal interfaces described in the individual subsystems as well as the externally visible interfaces (system
calls).
The subsystems are:
Kernel subsystems:
File and I/O
Process Control
Inter-Process Communication
Networking
Memory Management
Audit