book

SELinux Cookbook

by Sven Vermeulen

September 2014

Intermediate to advanced

240 pages

5h 53m

English

Packt Publishing

Read now

Unlock full access

Support files, eBooks, discount offers, and moreWhy subscribe?Free access for Packt account holders
What this book covers

Downloading the example codeErrataPiracyQuestions
IntroductionAbout SELinuxThe role of the SELinux policyThe example
Getting readyHow to do it…How it works…There's more...See also
Getting readyHow to do it…How it works…The policy source fileThe binary policy moduleLoading a policy into the policy storeThere's more...See also
How to do it…How it works…See also
How to do it…How it works…The location of the interface definitionsThe in-line documentationSee also
Getting readyHow to do it…How it works…There's more...
How to do it…How it works…Changes in interfacesKernel version changesMLS or not
Introduction
How to do it…How it works…Path expressionsThe order of processingClass identifiersContext declarationThere's more...
Getting readyHow to do it…How it works…There's more...See also
Getting readyHow to do it…How it works…Finding the right search patternPatternsThere's more...See also
How to do it…How it works…Full policy replacementRanged daemon domainConstraintsSee also
Getting readyHow to do it…How it works…The mcstrans and setrans.conf filesSELinux users and Linux user mappingsRunning Apache with the right contextSee also
Introduction
How to do it…How it works...See also
Getting readyHow to do it…How it works...There's more...See also
How to do it…How it worksThere's more...
How to do it…How it works...There's more...See also
Getting readyHow to do it…How it works...There's more...
How to do it…How it works...
How to do it…How it works...See also
How to do it…How it works...There's more...
How to do it…How it works...
How to do it…How it works...There's more...See also
How to do it…How it works...See also
Introduction
How to do it…How it works…Files and directoriesNetwork resourcesProcessesHardware and kernel resources
How to do it…How it works…Type declarationsManaging files and directoriesX11 and shared memoryThe network accessThere's more...See also
How to do it…How it works…
How to do it…How it works…There's more...
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…There's more...
How to do it…How it works…There's more...
Introduction
How to do it…How it works…Online researchSandbox environmentThe structural documentationSee also
How to do it…How it works…Domain definitionsLogical resourcesInfrastructural resources
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…See also
How to do it…For a Unix domain socket with a socket fileFor an abstract Unix domain socketHow it works…
How to do it…How it works…See also
Introduction
How to do it…How it works…There's more...
How to do it…How it works…
How to do it…How it works…See also
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…Defining a role in the policyExtending the role privilegesDefault types and default contexts
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…Direct access inspectionPolicy manipulationIndirect access
Introduction
How to do it…How it works…Shared file locationsUser content and customizable typesThere's more...
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…Reducing exploit risksRole managementType inheritance and transitions
Introduction
How to do it…How it works…See also
Getting readyHow to do it…How it works…Invalid contextsDenied transition validationDenied security-bounded transitionsThere's more...See also
How to do it…How it works…
How to do it…How it works…See also
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…There's more...See also
How to do it…How it works…There's more...See also
Introduction
Getting readyHow to do it…How it works…There's more...See also
How to do it…How it works…See also
How to do it…How it works…There's more...
How to do it…How it works…There's more...
How to do it…How it works…See also
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…See also
Introduction
Getting readyHow to do it…How it works…There's more...
How to do it…How it works…There's more...
How to do it…How it works…
How to do it…How it works…There's more…
Getting readyHow to do it…How it works…There's more...
How to do it…How it works…There's more...
Getting readyHow to do it…How it works…There's more...
Getting readyHow to do it…How it works…There's more...
How to do it…How it works…There's more...

Content preview from SELinux Cookbook

Using strace to clarify permission issues

The strace application is a popular debugging application on Linux systems. It allows developers and administrators to look at various system calls made by an application. As SELinux often has access controls on specific system calls, using strace can prove to be very useful in debugging permission issues.

How to do it…

To properly use strace, follow the next set of steps:

Enable the allow_ptrace Boolean:
```
~# setsebool allow_ptrace on
```
Run the application with strace:
```
~$ strace -o strace.log -f -s 256 tmux
```
In the resulting logfile, look for the error message that needs to be debugged.