
SELinux by Bill McCarty


Chapter 9. Customizing SELinux Policies

Chapter 8 explained the syntax and operation of the statements that make up the SELinux policy language. This chapter explains how to customize SELinux policies. It begins by reviewing the structure of the SELinux policy source tree and the Makefile that’s used to compile, build, and load an SELinux policy. The chapter then explains several typical policy customizations of the sort you’re most likely to perform. Most often, you’ll use customizations recommended by the Audit2allow program. However, you’ll need to carefully review such recommendations rather than blindly implement them. Otherwise, you may extend an unnecessarily broad set of permissions, thereby compromising system security. The chapter concludes with descriptions of some policy management tools, along with hints and procedures for using them.

The SELinux Policy Source Tree

Chapter 5 explained the structure of the SELinux policy source tree. The source tree typically resides in the directory /etc/security/selinux/src/policy; however, your SELinux distribution may place it elsewhere. Table 9-1 recaps the structure of the policy source tree. You’ll likely find it convenient to refer to this table as you read this chapter; it will help you locate the file that contains a particular type of declaration, the file to which you should add a particular type of declaration, or the directory in which you should create the file to hold a particular type of declaration. In other words, ...
