Choosing resource types wisely
Services interact with resources, and the label that we assign to the resources is used by the fine-grained access controls assigned to these resources. End user files (for users that have a Linux account on the system) are labeled as user_home_t
, which suffices for most uses. However, when we deal with services, the choice of the resource label defines if and how other applications can access those resources and is much more fine-grained than what we currently use for end user files.
There are some best practices concerning resource type selection within SELinux policies, which we will now look into.
How to do it…
The service resource types need to be carefully chosen. Their naming implies the functional use of the ...
Get SELinux Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.