O'Reilly logo

SELinux System Administration by Sven Vermeulen

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Dealing with types, permissions, and constraints

Now that we know more about types (both in the context of processes as well as files and other resources), let's look into how these are used in the SELinux policy in more detail.

Type attributes

We have discussed the sesearch application already and how it can be used to query the current SELinux policy. Let us look again at the process transitions, this time on a Fedora system:

$ sesearch -s initrc_t -t httpd_t -c process -p transition -A
Found 1 semantic av rules:
   allow initrc_domain daemon : process transition ;

Even though we asked for the rules related to the initrc_t source and the httpd_t target, we get a rule back for the initrc_domain source and the daemon target. What sesearch did here ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required