Other uses of policy enhancements

Throughout the book, we've covered quite a few technological features of SELinux. By creating our own SELinux policies, we can augment this further.

Creating customized SECMARK types

A use case for building our own policy is to create a custom SECMARK type and make sure that a particular domain is the only domain that is allowed to handle this communication.

The following SELinux rules create an invalid_packet_t type (to match packets that should not be sent out: for example, the PostgreSQL communication that is directed to the Internet rather than the internal network) and an intranet_packet_t type (to match packets being sent to an intranet server):

# cat custom_packets.te policy_module(custom_packets, 1.0) type ...

Get SELinux System Administration - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

SELinux System Administration - Second Edition by Sven Vermeulen

Other uses of policy enhancements

Creating customized SECMARK types

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly