84
Chapter 6. Tools for Manipulating and Analyzing SELinux
Note
Both the source policy.conf and binary policy. XY
files can be analyzed by apol. Much of the
_
`
results are similar, but there are noteworthy differences. This is because the binary compilation pro 
cess strips out attributes as well as the initial SIDs. It is the lack of attributes that most affects the
analysis process. When analyzing a binary policy, attributes cannot be included as search parame 
ters.
The policy.conf tab is disabled for the binary policy, as well as the Initial SIDs tab under the Policy
Components tab. The field Attributes is empty, and although you can select Attrib(ute)s in various
search parameters, it has no effect when analyzing a binary policy.
6.3.1. Policy Component Analysis
When opening the policy file, apol gathers and organizes information. The same information is dif 
ficult to identify and extrapolate manually going through the policy files. For example, there is no
master list within the policy source of which types belong to which attributes. This information is
scattered throughout the policy. apol gathers and displays these SELinux categories.
Figure 6 6. apol with
policy.conf
Loaded
Figure 6 6 shows the Policy Components tab. Within this tab there are tabs for Types, Classes/Perms,
Roles, Users, Booleans, and Initial SIDs. Under each tab is the capability to perform basic searches.






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

adult web hosting

 

Our partners: PHP: Hypertext Preprocessor Best Web Hosting Java Web Hosting Inexpensive Web Hosting  Jsp Web Hosting

Cheapest Web Hosting Jsp Hosting Cheap Hosting

Visionwebhosting.net Business web hosting division of Web Design Plus. All rights reserved