Creating resource-access interfaces

With all the resources defined, we now need to ensure that other domains can use those resources as needed. As we've seen, resources can be functional in nature (specific to a service) or more infrastructural (such as logfiles).

Access to resources is provided through SELinux policy rules that need to be provided through access interfaces. These interfaces are then used by third-party SELinux policy modules to document and allow access to the resource types. Without the access interfaces, the resource types we define are not easily accessible by other policy developers.

How to do it…

To create resource-access interfaces, add the proper interface definition in the module's .if file. For instance, to create a set ...

Get SELinux Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.