Creating a skeleton policy

With the logical setup now in place, we can draft a skeleton policy. This policy will be a translation from the logical setup we encountered to SELinux policy rules.

The entire policy is written in a myskype.te file. The final result of this set of recipes is also available through the download pack of this book as a reference.

How to do it…

We start with a base skeleton that we can enhance later. This skeleton is developed as follows:

We start with the declaration of the various types. From the design, we can deduce four types:
- skype_t as the main process domain
- skype_exec_t as the label for the Skype executable(s)
- skype_home_t for the user configuration files and directories of the skype_t domain
- skype_tmpfs_t is needed for ...

Get SELinux Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

SELinux Cookbook by Sven Vermeulen

Creating a skeleton policy

How to do it…

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly