Flask-Related Declarations
The flask directory contains several files that are part of the SELinux policy:
- security_classes
Specifies the SELinux security classes.
- initial_sids
Specifies the initial SIDs.
- access_vectors
Specifies the permissions included in access vectors.
The following subsections explain the syntax of declarations residing in these files. Generally, only SELinux developers should change these declarations. However, administrators may find it helpful to understand these files and the declarations they contain.
Syntax of security_classes
The flask/security_classes file specifies the security classes handled by SELinux. Entries in the file have the syntax shown in Figure 8-10. A class declaration contains only the keyword class and an identifier giving the class name.
Figure 8-10. Flask class declaration
The example policy defines between two and three dozen classes. Here is a typical class declaration:
class security
Appendix A summarizes the standard security object classes.
Syntax of initial_sids
The flask/initial_sids file specifies the symbols corresponding to initial SIDs. Entries in the file have the syntax shown in Figure 8-11, consisting of the keyword sid and an identifier naming the SID.
Figure 8-11. Flask initial SID declaration
The sample policy defines a few more than ...
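The two declaration forms described above (class identifier and sid identifier) can be checked mechanically before a policy build. The following checker is an added example, not code from the book or from the SELinux project; the function name parse_flask_decls, the identifier pattern, the treatment of # as a comment marker, and the sample inputs are assumptions made for illustration.

```python
import re

# Assumption: an identifier is a letter followed by letters, digits or underscores.
IDENT = re.compile(r"[A-Za-z][A-Za-z0-9_]*\Z")

def parse_flask_decls(text, keyword):
    """Return (names in declaration order, [(line_no, message), ...]); keyword is 'class' or 'sid'."""
    names, errors, seen = [], [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        parts = line.split()
        if parts[0] != keyword:
            errors.append((lineno, f"expected '{keyword}', found '{parts[0]}'"))
        elif len(parts) != 2:
            errors.append((lineno, f"'{keyword}' takes exactly one identifier"))
        elif not IDENT.match(parts[1]):
            errors.append((lineno, f"invalid identifier '{parts[1]}'"))
        elif parts[1] in seen:
            # A repeated name would make the declaration ambiguous.
            errors.append((lineno, f"'{parts[1]}' already declared on line {seen[parts[1]]}"))
        else:
            seen[parts[1]] = lineno
            names.append(parts[1])
    return names, errors

# Constructed sample inputs (not copied from any shipped policy).
SAMPLE_CLASSES = """\
# kernel object classes
class security
class process
class file   # regular files
class process
clas socket
class dir extra
"""
SAMPLE_SIDS = """\
sid kernel
sid security
sid 9lives
"""

if __name__ == "__main__":
    for kw, sample in (("class", SAMPLE_CLASSES), ("sid", SAMPLE_SIDS)):
        names, errors = parse_flask_decls(sample, kw)
        print(kw, names, errors)
```

The checker preserves declaration order in the returned list, so its output can be diffed against a known-good copy of the file to spot reordered, added or removed entries.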