Understanding the service

The first aspect of designing server policies is to understand the service at hand. Each service has its own internal architecture, and understanding how the various processes and resources interact with each other is extremely important.

Only when the internal architecture is fully understood will we be able to create a properly functioning policy. Otherwise, we risk that the policy will be too broad (too many access rights) or too restricted. Unlike applications, which are usually easy to test from an end user point of view, services often have activities that are much harder to test (or even consider).

How to do it…

Just like with desktop applications, understanding the application behavior is of key importance to create ...

Get SELinux Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.