34


Chapter 3. Targeted Policy Overview


$SELINUX_SRC/genfs_contexts


As explained in Section 2.4 File System Security Contexts, this file supplies the contexts for


mountpoint labeling, where a mounted file system is given a single, overarching context instead


of an individual context for each file.


$SELINUX_SRC/initial_sid_contexts


These


are


the


security


contexts


that


are


applied


to


the


initial


contexts


in


$SELINUX_SRC/flask/initial_sids


and are used by the kernel during boot before it has


loaded the policy. Refer to Section 2.3 Policy Role in Boot for more information.


$SELINUX_SRC/mls


This file is unused in the targeted policy, but is noteworthy for those interested in MLS security.


Refer to Chapter 9 References for sources of information about MLS.


$SELINUX_SRC/net_contexts


This file has the contexts for network entities, with many declarations within an


ifdef


statement


that depends on the presence of a specific


*.te


file in


$SELINUX_SRC/domains/program/


.


The syntax looks like this:


portcon


protocol


{ port | port range }


type


?


@/?


@A?


@


When invoked, a network context declaration looks like this:


ifdef(`mta.te', `


portcon tcp 25 system_u:object_r:smtp_port_t


portcon tcp 465 system_u:object_r:smtp_port_t


portcon tcp 587 system_u:object_r:smtp_port_t


')


...


ifdef(`use_dhcpd', `portcon udp 67


\


system_u:object_r:dhcpd_port_t')


...


# Defaults for reserved ports.


Earlier portcon entries take


# precedence; these entries just cover any remaining reserved


# ports not otherwise declared or omitted due to removal of a


# domain.


portcon tcp 1 1023 system_u:object_r:reserved_port_t


portcon udp 1 1023 system_u:object_r:reserved_port_t


...


netifcon eth0 system_u:object_r:netif_eth0_t \


system_u:object_r:unlabeled_t


$SELINUX_SRC/policy.conf


This file is created by


m4


during the policy compiling process. It is all of the TE rules from


domains/


with the macros expanded, and the result concatenated together. The compilation


process is covered in Chapter 7 Compiling SELinux Policy, and you can learn about analyzing


the policy using


policy.conf


in Chapter 6 Tools for Manipulating and Analyzing SELinux.


$SELINUX_SRC/rbac


This file defines which roles are allowed to attain which other roles. Roles are discussed in


Section 2.10 SELinux Users and Roles. These are all the allowed role transitions in the targeted


policy: This file only specifies which roles may transition to which other roles, it does not grant


permission to actually change role.


allow sysadm_r system_r;


allow user_r system_r;


allow user_r sysadm_r;


allow sysadm_r user_r;


allow system_r sysadm_r;








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      adult web hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved