Adding conditional policy rules

We can further fine-tune our policy with conditionals. Some of the access vectors identified earlier might not be necessary in all circumstances, so it makes sense to make them optional and configurable through SELinux Booleans.

Two of the identified access vectors that are candidates for configurable policies are as follows:

  • Accessing the video and sound devices (making this optional reduces the risk that malware or a vulnerability in the application is used to access the webcam or sound device and spy on unsuspecting users)
  • Accessing all user content (instead of only the skype_home_t content)

How to do it…

The following set of steps allows us to make the policy more flexible for the administrators to handle by introducing Booleans. ...
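As an added illustration (not the book's own code), the two candidate access vectors above could be wrapped in Booleans with reference-policy macros as follows. The module name, the Boolean names and the `skype_t` domain are assumptions made for this sketch; only `skype_home_t` is named on this page.

```m4
# Added example: companion module that makes two access vectors optional.
# Assumed names: myskype_cond, skype_t and the three Booleans below.
# Note: no quote characters in comments, since m4 would interpret them.
policy_module(myskype_cond, 1.0)

gen_require(`
	type skype_t;
')

## <desc>
##	<p>
##	Allow the application to use sound devices (microphone, speakers).
##	</p>
## </desc>
gen_tunable(skype_use_audio, false)

## <desc>
##	<p>
##	Allow the application to use video devices (webcam).
##	</p>
## </desc>
gen_tunable(skype_use_video, false)

## <desc>
##	<p>
##	Allow the application to manage all user home content
##	instead of only its own skype_home_t content.
##	</p>
## </desc>
gen_tunable(skype_manage_user_content, false)

# Rules inside each block are active only while the Boolean is on.
# All three default to false, so the least-privilege state is the default.
tunable_policy(`skype_use_audio',`
	dev_read_sound(skype_t)
	dev_write_sound(skype_t)
')

tunable_policy(`skype_use_video',`
	dev_read_video_dev(skype_t)
	dev_write_video_dev(skype_t)
')

tunable_policy(`skype_manage_user_content',`
	userdom_manage_user_home_content_dirs(skype_t)
	userdom_manage_user_home_content_files(skype_t)
')
```

Once such a module is loaded, an administrator enables a single vector persistently with `setsebool -P skype_use_video on` and reviews the current state with `getsebool -a`.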
