Other uses of policy enhancements
Throughout the book, we've covered quite a few technological features of SELinux. By creating our own SELinux policies, we can augment this further.
Creating customized SECMARK types
A use case for building our own policy is to create a custom SECMARK
type and make sure that a particular domain is the only domain that is allowed to handle this communication.
The following SELinux rules create an invalid_packet_t
type (to match packets that should not be sent out: for example, the PostgreSQL communication that is directed to the Internet rather than the internal network) and an intranet_packet_t
type (to match packets being sent to an intranet server):
# cat custom_packets.te policy_module(custom_packets, 1.0) type ...
Get SELinux System Administration - Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.