IBM 10 SP1 EAL4 用户手册
The SLES kernel includes the base kernel and separately-loadable kernel modules and device drivers. (Note
that a device driver can also be a kernel module.) The kernel consists of the bootable kernel image and its
loadable modules. The kernel implements the system call interface, which provides system calls for file
management, memory management, process management, networking, and other TSF (logical subsystems)
functions addressed in the Functional Descriptions chapter of this document. The structure of the SLES kernel
is described further in the Software Architecture chapter of this paper.
Non-kernel TSF software includes programs that run with the administrative privilege, such as the sshd,
cron, atd, and vsftpd daemons. The TSF also includes the configuration files that define authorized
that a device driver can also be a kernel module.) The kernel consists of the bootable kernel image and its
loadable modules. The kernel implements the system call interface, which provides system calls for file
management, memory management, process management, networking, and other TSF (logical subsystems)
functions addressed in the Functional Descriptions chapter of this document. The structure of the SLES kernel
is described further in the Software Architecture chapter of this paper.
Non-kernel TSF software includes programs that run with the administrative privilege, such as the sshd,
cron, atd, and vsftpd daemons. The TSF also includes the configuration files that define authorized
users, groups of users, services provided by the system, and other configuration data. Not included as TSF
are shells used by administrators, and standard utilities invoked by administrators.
The SLES system, which includes hardware, kernel-mode software, non-kernel programs, and databases,
provides a protected environment in which users and administrators run the programs, or sequences of CPU
instructions. Programs execute as processes with the identity of the users that started them (except for some
exceptions defined in this paper), and with privileges as dictated by the system security policy. Programs are
subject to the access control and accountability processes of the system.
are shells used by administrators, and standard utilities invoked by administrators.
The SLES system, which includes hardware, kernel-mode software, non-kernel programs, and databases,
provides a protected environment in which users and administrators run the programs, or sequences of CPU
instructions. Programs execute as processes with the identity of the users that started them (except for some
exceptions defined in this paper), and with privileges as dictated by the system security policy. Programs are
subject to the access control and accountability processes of the system.
5