O'Reilly logo

SELinux by Bill McCarty

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Appendix C. SELinux Macros Defined in src/policy/macros

Table C-1 describes principal macros defined in the src/policy/macros subdirectory. The macros included in the table are those present in the Fedora Core 2 implementation of SELinux. Other implementations may define different macros or alter the operation of macros appearing in the table.

Table C-1. SELinux macros defined in the macros subdirectory

Macro

Description

admin_domain

Defines a domain for an administrative user.

append_logdir_domain

Authorizes a specified domain to create, read, and append to logfiles within its own specially labeled logging directory.

append_log_domain

Authorizes a specified domain to read and append to its own specially labeled logfiles.

application_domain

Authorizes a specified domain to perform operations common to simple applications.

base_file_read_access

Authorizes a specified domain to read and search several system file types.

base_pty_perms

Authorizes a specified domain to access the pty master multiplexer domain and to search /dev/pts.

base_user_domain

Defines a domain for a nonadministrative user.

can_create_other_pty

Authorizes a specified domain to create new ptys for another specified domain.

can_create_pty

Authorizes a specified domain to create new ptys.

can_exec

Authorizes a specified domain to execute files having a specified type (domain) without transitioning to a new domain.

can_exec_any

Authorizes a specified domain to execute a variety of executable ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required