Up to this point in the book, we’ve looked at the functions SELinux provides and the configuration files that direct its operation. However, we’ve merely glanced at the SELinux policy language that’s used to specify the SELinux security policy. Our situation is akin to that of a 15^th or 16^th century explorer who has studied maps of the New World and dreamed of the exotic sights that may be found there but has not yet ventured to sea. In this chapter, we at last embark upon our sea voyage.

In this chapter and the following two chapters, you’ll find a detailed explanation of the SELinux policy language and several related languages, such as those used to specify file and security contexts. This chapter explains the SELinux role-based access control policies, Chapter 7 explains the SELinux type-enforcement policies, and Chapter 8 explains other elements of the SELinux policy. Of course, most likely your goal is not merely to understand the SELinux policy language or SELinux security policies themselves, though such skills are useful to the SELinux system administrator. Instead, it’s more likely that you want to be able to specify new and modified SELinux security policies. If that is your goal, Chapter 6 through Chapter 8 won’t quite take you to the end of your voyage, though you’ll make landfall near the end of Chapter 8. Then you’ll be ready for Chapter 9, which explains how you can customize existing SELinux policies and implement your own policies. ...