Chapter 2. SELinux Policy Overview
# name_list : name | name_list name
#
#
# Restrict the ability to transition to other users
# or roles to a few privileged types.
#
constrain process transition
( u1 == u2 or t1 == privuser );
constrain process transition
( r1 == r2 or t1 == privrole );
#
# Restrict the ability to label objects with other
# user identities to a few privileged types.
#
constrain dir_file_class_set { create relabelto relabelfrom }
( u1 == u2 or t1 == privowner );
constrain socket_class_set { create relabelto relabelfrom }
( u1 == u2 or t1 == privowner );
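To make the semantics of the constrain rules above concrete, here is an added example (not policy or code from the guide) that models how such a constraint is evaluated: u1/r1/t1 are the source (process) context, u2/r2/t2 the target context, and a comparison against an attribute such as privuser is true when the source type is a member of that attribute. The attribute memberships and the sample contexts are constructed for illustration; in real policy they come from the typeattribute declarations. An empty result means the constraints permit the operation, but the kernel still needs a matching allow rule.

```python
"""Model of how the `constrain` rules listed above are evaluated.

Added example, not policy or code from the RHEL 4 SELinux Guide.
ATTRIBUTES below is a constructed assumption about which types carry
privuser / privrole / privowner.
"""
from __future__ import annotations

from typing import NamedTuple


class Context(NamedTuple):
    user: str
    role: str
    type_: str

    @classmethod
    def parse(cls, text: str) -> "Context":
        # "user:role:type" with an optional MLS range after the type
        parts = text.split(":", 3)
        if len(parts) < 3 or not all(parts[:3]):
            raise ValueError(f"not a security context: {text!r}")
        return cls(parts[0], parts[1], parts[2])


# Constructed attribute memberships (in a real policy: `typeattribute`).
ATTRIBUTES = {
    "privuser": {"login_t", "sshd_t"},
    "privrole": {"login_t", "sshd_t", "newrole_t"},
    "privowner": {"login_t", "sshd_t", "passwd_t"},
}


def has_attr(type_name: str, attr: str) -> bool:
    """`t1 == privuser` in a constraint means: t1 is a member of the attribute."""
    return type_name in ATTRIBUTES.get(attr, set())


def check_transition(src: Context, tgt: Context) -> list[str]:
    """Evaluate the two `constrain process transition` rules.

    src is the process's current context (u1/r1/t1), tgt the context it
    wants to transition to (u2/r2/t2). Returns the constraints that fail;
    an empty list means the constraints do not block the transition.
    """
    failed = []
    # ( u1 == u2 or t1 == privuser )
    if not (src.user == tgt.user or has_attr(src.type_, "privuser")):
        failed.append("user-change requires privuser")
    # ( r1 == r2 or t1 == privrole )
    if not (src.role == tgt.role or has_attr(src.type_, "privrole")):
        failed.append("role-change requires privrole")
    return failed


def check_relabel(src: Context, obj: Context, perm: str) -> list[str]:
    """Evaluate the `constrain ... { create relabelto relabelfrom }` rules.

    src is the process context (u1/t1); obj is the context the object
    would end up with (u2). Other permissions are not covered by the
    constraint and pass straight through.
    """
    if perm not in {"create", "relabelto", "relabelfrom"}:
        return []
    # ( u1 == u2 or t1 == privowner )
    if src.user == obj.user or has_attr(src.type_, "privowner"):
        return []
    return ["object user identity change requires privowner"]


if __name__ == "__main__":
    # Constructed sample contexts: a login-style daemon may switch the
    # user identity, an ordinary user domain may not.
    sshd = Context.parse("system_u:system_r:sshd_t")
    user = Context.parse("user_u:user_r:user_t")
    print("sshd_t -> user_t:", check_transition(sshd, user) or "permitted")
    print("user_t -> sysadm_t:",
          check_transition(user, Context.parse("root:sysadm_r:sysadm_t")))
```

Run it to see that the unprivileged user domain fails both constraints when it tries to change user and role at once, while a type carrying the privuser and privrole attributes passes.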
2.12. Special Interfaces and File Systems
These are various special interfaces into the kernel and file system details. Some of these are discussed more extensively in other locations, and are here to highlight their nature.

Tip
The shared library libselinux provides an abstraction layer for all of these interfaces. If you are writing an application, use this library instead of trying to directly access these interfaces. To see what is provided with libselinux, run the command rpm -ql libselinux. This will show all the utilities and associated manual pages included in the library.

• The special files at /proc/PID/attr/ allow userspace access to context information about a process. PID is the process ID for the process you are examining. This access includes getting and setting security attributes for the process. These pseudo files expose the getting and setting:
  • current — current security context.
  • prev — the context prior to the last exec, which means the context of the process that called exec to start this process.
  • exec — the context to apply at the next exec.
  • fscreate — the context to apply to any new files created by this process.
• The pseudo file system selinuxfs is mounted at /selinux/. It provides the SELinux policy API for userspace. Some of what libselinux abstracts from this pseudo file system is loading policy, enabling or disabling SELinux, and making AVC checks.
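As an added example of what libselinux hides behind calls such as getcon(3), the following code (not from the guide or from libselinux) reads the /proc/PID/attr/ files and the enforce node of selinuxfs directly. It assumes the RHEL 4 mount point /selinux/ and, as a fallback, the /sys/fs/selinux mount point used by current kernels. Two details the prose does not spell out are handled: the kernel terminates the value it writes to these files with a NUL byte, and on a host whose kernel runs a different LSM (or none) the same files either fail to read or carry a label that is not an SELinux context, so a tolerant reader returns None rather than a bogus context. The sample contexts in the code are constructed.

```python
"""Direct readers for /proc/PID/attr/* and selinuxfs.

Added example, not code from the RHEL 4 SELinux Guide or from libselinux.
Mount points are assumptions: /selinux (RHEL 4) and /sys/fs/selinux (newer).
"""
from __future__ import annotations

import os
from typing import NamedTuple, Optional

# The four pseudo files described in the text.
PROC_ATTRS = ("current", "prev", "exec", "fscreate")
SELINUXFS_CANDIDATES = ("/selinux", "/sys/fs/selinux")


class SecurityContext(NamedTuple):
    user: str
    role: str
    type_: str
    mls_range: Optional[str]  # absent on a non-MLS policy such as RHEL 4 targeted


def parse_context(raw: bytes | str) -> SecurityContext:
    """Parse a context in the form the kernel writes to /proc/PID/attr/*.

    The kernel appends a terminating NUL; an MLS range, if present, may
    itself contain ':' (e.g. s0-s0:c0.c1023), so split on at most 3 colons.
    """
    if isinstance(raw, bytes):
        raw = raw.decode("ascii", errors="replace")
    text = raw.rstrip("\x00\n")
    parts = text.split(":", 3)
    if len(parts) < 3 or not all(parts[:3]):
        raise ValueError(f"malformed security context: {text!r}")
    mls = parts[3] if len(parts) == 4 else None
    return SecurityContext(parts[0], parts[1], parts[2], mls)


def read_proc_attr(pid: int, name: str) -> Optional[str]:
    """Return the raw value of /proc/<pid>/attr/<name>.

    None  -> the file cannot be read (no such process, no SELinux/LSM
             support in the kernel, or permission denied)
    ""    -> attribute unset (normal for "exec" and "fscreate")
    """
    if name not in PROC_ATTRS:
        raise ValueError(f"unknown attribute {name!r}; expected one of {PROC_ATTRS}")
    try:
        with open(f"/proc/{pid}/attr/{name}", "rb") as fh:
            data = fh.read()
    except OSError:
        return None
    return data.rstrip(b"\x00\n").decode("ascii", errors="replace")


def current_context(pid: Optional[int] = None) -> Optional[SecurityContext]:
    """Parsed "current" context of a process (default: this process).

    Returns None when SELinux is not providing the label, e.g. on a kernel
    running AppArmor, which writes its own single-field label into the
    same file.
    """
    value = read_proc_attr(os.getpid() if pid is None else pid, "current")
    if not value:
        return None
    try:
        return parse_context(value)
    except ValueError:
        return None


def selinuxfs_root() -> Optional[str]:
    """Mount point of selinuxfs, or None if it is not mounted."""
    for root in SELINUXFS_CANDIDATES:
        if os.path.isfile(os.path.join(root, "enforce")):
            return root
    return None


def enforcing_mode() -> Optional[bool]:
    """True = enforcing, False = permissive, None = selinuxfs unavailable."""
    root = selinuxfs_root()
    if root is None:
        return None
    try:
        with open(os.path.join(root, "enforce")) as fh:
            return fh.read().strip() == "1"
    except OSError:
        return None


if __name__ == "__main__":
    # Constructed sample showing the parser on an MLS-style context.
    print(parse_context(b"system_u:system_r:sshd_t:s0-s0:c0.c1023\x00"))
    print("current:", current_context())
    print("selinuxfs:", selinuxfs_root(), "enforcing:", enforcing_mode())
```

Writing to these files (for example setting exec or fscreate) follows the same pattern in reverse, which is exactly the part libselinux wraps for you; reading them directly, as here, is mainly useful for diagnostics on a host where the library is not available.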