Creating the administrative interface
To end the SELinux module development for services, we need to create proper role-based interfaces. Whereas the _role interface is usually for nonprivileged user roles, an _admin interface is used to provide all the necessary privileges to fully administer a service.
How to do it…
An administrative interface, which we can later assign to the user and role that will administer the environment, is created with the following steps:
- Create a specific init script type for the init scripts of the daemon. For instance, for the virtd daemon inside virt.te, the following policy rules create the proper init script type:

    type virtd_initrc_exec_t;
    init_script_file(virtd_initrc_exec_t)

- Make sure that this init script is labeled ...