Chapter 7. Choosing the Confinement Level
In this chapter, we will cover the following recipes:
- Finding common resources
- Defining common helper domains
- Documenting common privileges
- Granting privileges to all clients
- Creating a generic application domain
- Building application-specific domains using templates
- Using fine-grained application domain definitions
Introduction
During the development of additional policies, developers can opt to use a very fine-grained policy model, a domain-per-application model, or a coarse-grained, functionality-based policy model. The relationship between these confinement models is shown in the following diagram:
In very fine-grained ...
Get SELinux Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
