Red Hat ENTERPRISE LINUX 4 - SELINUX GUIDE Manual page 47

Chapter 3. Targeted Policy Overview
system_u:system_r:unconfined_t
$SELINUX_SRC/types/*

These files are the type declarations for general sets of types. The types are grouped by similarities such as being a file, being related to security, network, or devices. The name of the type declaration file reflects its contents.

One odd file included in the targeted policy is $SELINUX_SRC/types/apache.te. The file contains this one line macro:

define(`admin_tty_type', `{ tty_device_t devpts_t }')

This macro is connected with a conditional set of rules in the httpd TE file at $SELINUX_SRC/domains/program/apache.te. The conditional rules allow httpd to utilize the console (if (httpd_tty_comm) {}). This allows Apache HTTP to use the console for parts of the SSL certification handling process.

The reason the macro defining admin_tty_type is in types/apache.te is that the macro is included in the targeted policy only for the benefit of httpd. Apache HTTP needs this macro defined for the httpd policy to work. In a stricter policy, the system administrator domain sysadm_t is used, and its associated TE file at /etc/selinux/strict/src/policy/domains/admin.te supplies the admin_tty_type macro.

The file $SELINUX_SRC/types/files.fc defines the contexts for all of the file types on the system.

$SELINUX_SRC/domains/program/*

These are the TE policy files that make the targeted daemons protected. In SELinux, in the tree at $SELINUX_SRC/domains/ are all the rules that govern the behavior of the various domains. If a particular *.te is not in the $SELINUX_SRC/domains/ path, it is not compiled in as part of the policy.

In Chapter 4 Example Policy Reference - dhcpd, the policy for dhcpd is completely dissected and examined as a reference for all of the policy files for the targeted daemons.

$SELINUX_SRC/assert.te, $SELINUX_SRC/attrib.te, and $SELINUX_SRC/constraints

The file assert.te contains the neverallow assertions, discussed in Section 2.8 TE Rules - Access Vectors. The attributes declared for the targeted policy are in attrib.te, discussed in Section 2.6 TE Rules - Attributes. Constraining rules, as discussed in Section 2.11 TE Rules - Constraints, are defined for the targeted policy in the file constraints.

$SELINUX_SRC/flask/

This directory is where several important definitions occur. In access_vectors, object classes are defined, as discussed in Section 2.5 Object Classes and Permissions. The file initial_sids provides the booting kernel with the initial security identifiers to use until policy can be loaded, as described in Section 2.3 Policy Role in Boot. Security object classes are defined in security_classes. The shell scripts and Makefile are used in SELinux kernel development, and are not intended for end-user usage.

$SELINUX_SRC/macros/

Macros are discussed in Section 2.9 Policy Macros. Only two macro files in this directory are used, core_macros.te and global_macros.te. The $SELINUX_SRC/macros/program/ directory contains the macro files for various daemons. Only the macro files that correspond to a *.te file in $SELINUX_SRC/domains/program/ are actually used in the policy.
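
The rule above for $SELINUX_SRC/macros/program/ can be checked against a policy source tree with a short script. This is an added example, not part of the Red Hat guide; the pairing of NAME_macros.te (or NAME.te) with domains/program/NAME.te, the function names, and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify each macro file under macros/program/ by whether a
# matching daemon TE file exists under domains/program/ in a policy source tree.
# Assumption: macro file NAME_macros.te (or NAME.te) pairs with
# domains/program/NAME.te.

# Print "used NAME" or "unused NAME" per macro file, in glob (alphabetical) order.
classify_program_macros() {
    src=$1
    for m in "$src"/macros/program/*.te; do
        [ -e "$m" ] || continue        # empty directory: the glob did not match
        name=$(basename "$m" .te)
        name=${name%_macros}           # strip the assumed _macros suffix
        if [ -f "$src/domains/program/$name.te" ]; then
            echo "used $name"
        else
            echo "unused $name"
        fi
    done
}

# Build a constructed sample tree (not a real policy) in a temp directory
# and print its path.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/domains/program" "$d/macros/program"
    touch "$d/domains/program/apache.te" "$d/domains/program/dhcpd.te"
    touch "$d/macros/program/apache_macros.te" "$d/macros/program/ssh_macros.te"
    echo "$d"
}

# Usage: script --demo          run against the constructed sample tree
#        script <policy-src>    run against a policy source directory
if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree)
    classify_program_macros "$tree"
    rm -rf "$tree"
elif [ -n "${1:-}" ]; then
    classify_program_macros "$1"
fi
```
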
