IBM 10 SP1 EAL4

4.1.2.1 DAC....................................................................................................................................25

4.1.2.2 AppArmor............................................................................................................................26

4.1.2.3 Programs with software privilege.........................................................................................26

4.2 TOE Security Functions software structure.........................................................................................27

4.2.1 Kernel TSF software....................................................................................................................28

4.2.1.1 Logical components.............................................................................................................29

4.2.1.2 Execution components.........................................................................................................30

4.2.2 Non-kernel TSF software.............................................................................................................31

4.3 TSF databases......................................................................................................................................34

4.4 Definition of subsystems for the CC evaluation...................................................................................34

4.4.1 Hardware......................................................................................................................................35

4.4.2 Firmware......................................................................................................................................35

4.4.3 Kernel subsystems........................................................................................................................35

4.4.4 Trusted process subsystems..........................................................................................................35

4.4.5 User-level audit subsystem...........................................................................................................36

5 Functional descriptions................................................................................................................................38

5.1 File and I/O management.....................................................................................................................38

5.1.1 Virtual File System......................................................................................................................39

5.1.1.1 Pathname translation............................................................................................................41

5.1.1.2 open()...................................................................................................................................44

5.1.1.3 write()...................................................................................................................................45

5.1.1.4 mount().................................................................................................................................45

5.1.1.5 Shared subtrees....................................................................................................................46

5.1.2 Disk-based file systems................................................................................................................46

5.1.2.1 Ext3 file system....................................................................................................................47

5.1.2.2 ISO 9660 file system for CD-ROM......................................................................................51

5.1.3 Pseudo file systems......................................................................................................................52

5.1.3.1 procfs...................................................................................................................................52

5.1.3.2 tmpfs....................................................................................................................................53

5.1.3.3 sysfs.....................................................................................................................................53

5.1.3.4 devpts...................................................................................................................................53

5.1.3.5 rootfs....................................................................................................................................54

5.1.3.6 binfmt_misc.........................................................................................................................54

5.1.3.7 securityfs..............................................................................................................................54

5.1.3.8 configfs................................................................................................................................55

5.1.4 inotify...........................................................................................................................................55