Introduction to the Red Hat SELinux Guide


iii


Somewhere you can examine and work with the policy sources. This can be a test or development


machine, or possibly a workstation. Many of the examples and explanations in this book assume


that you have the system in front of you to explore while you read.


Some additional patience. SELinux is a different way of handling access control than many admin 


istrators and users are familiar with.


Information about Red Hat training can be obtained via http://www.redhat.com/training/.


3. Conventions for SELinux Directories and Files


There are two main directories for SELinux policy in


/etc/selinux/


:


  /etc/selinux/


policyname /policy/


  the binary policy and runtime configuration files.


  /etc/selinux/


policyname /src/policy/


  policy sources.


It is possible to have more than one policy existing on the system, although only one


may be loaded at a time. The policy binary files, and possibly source files, are located in


/etc/selinux/


policyname /


, where


policyname


is the name of your policy, such as


targeted, strict, webhost, test, and so forth. The configuration file


/etc/selinux/config


defines


which policy is used, for example SELINUXTYPE=targeted.


In this document, the convention of


$DIRECTORY_TYPE


is used instead of the full path to assist in


readability:


The variable directory


$SELINUX_SRC/


is a substitute for the generic directory of


/etc/selinux/


policyname /src/policy/


and the targeted policy source directory at


/etc/selinux/targeted/src/policy/


.


The variable directory


$SELINUX_POLICY/


is a substitute for the generic directory of


/etc/selinux/


policyname /policy/


and the binary targeted policy directory at


/etc/selinux/targeted/policy/


.


An important file is the audit log file. In Red Hat Enterprise Linux,


$AUDIT_LOG


by default is


/var/log/messages


. However, this is configurable via


/etc/syslog.conf


, and future work on


an audit daemon will handle kernel audit events and log them into a separate file. Because of the


variable nature of where the audit logs are, the variable file


$AUDIT_LOG


is used as a substitute.


Other


important


files


and


directories


include


$SELINUX_POLICY/booleans


and


$SELINUX_POLICY/contexts/


, which are both discussed in Section 3.2 Files and Directories of


the Targeted Policy.


The most important file for SELinux is the binary policy file. This file is located at


/etc/selinux/targeted/policy/policy.


XY


. The


XY


represents the two digits of the


policy version. In the case of Red Hat Enterprise Linux 4, this file is


policy.18


.


4. Document Conventions


When you read this manual, certain words are represented in different fonts, typefaces, sizes, and


weights. This highlighting is systematic; different words are represented in the same style to indicate


their inclusion in a specific category. The types of words that are represented this way include the


following:








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      adult web hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved