Chapter 2. SELinux Policy Overview
17
http_port_t
smtp_port_t
rndc_port_t
ntp_port_t
portmap_port_t
snmp_port_t
syslogd_port_t
2.7. TE Rules   Types
SELinux uses types in various ways. After they are declared, they can be used to make rules for the
transition decision process, type changing process, and access vector decisions and assertions.
Note
Defining the type transitions does not enable them. By default, access is denied until specifically
allowed.
Domains are types applied to processes, identified by the type having the
domain
attribute. The same
type is used for the process itself and the associated
/proc
file. Typically, you see the domain used
as the source context for system operations, that is, the domain is the doer. A domain can be a target
context, such as when
init
is sending process signals to a daemon.
With every SELinux transaction involving at least one domain, the number and kind of domains is
central to the complexity of the security policy. More domains means finer security control, with a
matching increase in configuration and maintenance difficulties.
Type Declaration
This syntax defines how types are declared. A type must be declared before rules can be writ 
ten about it. The targeted daemons have their top level domain declared through the macro
daemon_domain()
, which is discussed in Section 3.4 Common Macros in the Targeted Policy.
## Syntax of a type declaration
type
typename
[aliases] [attributes];
%
&
## Examples
type httpd_config_t, file_type, sysadmfile;
# httpd_config_t is a system administration file
type http_port_t, port_type, reserved_port_type;
# httpd_port_t is a reserved port, that is, number less than 1024
type httpd_php_exec_t, file_type, sysadmfile, exec_type;
# httpd_php_exec_t is a sysadmin file that is an entry point
# executable






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

adult web hosting

 

Our partners: PHP: Hypertext Preprocessor Best Web Hosting Java Web Hosting Inexpensive Web Hosting  Jsp Web Hosting

Cheapest Web Hosting Jsp Hosting Cheap Hosting

Visionwebhosting.net Business web hosting division of Web Design Plus. All rights reserved