book

SELinux Cookbook

by Sven Vermeulen

September 2014

Intermediate to advanced

240 pages

5h 53m

English

Packt Publishing

Read now

Unlock full access

Support files, eBooks, discount offers, and moreWhy subscribe?Free access for Packt account holders
What this book covers

Downloading the example codeErrataPiracyQuestions
IntroductionAbout SELinuxThe role of the SELinux policyThe example
Getting readyHow to do it…How it works…There's more...See also
Getting readyHow to do it…How it works…The policy source fileThe binary policy moduleLoading a policy into the policy storeThere's more...See also
How to do it…How it works…See also
How to do it…How it works…The location of the interface definitionsThe in-line documentationSee also
Getting readyHow to do it…How it works…There's more...
How to do it…How it works…Changes in interfacesKernel version changesMLS or not
Introduction
How to do it…How it works…Path expressionsThe order of processingClass identifiersContext declarationThere's more...
Getting readyHow to do it…How it works…There's more...See also
Getting readyHow to do it…How it works…Finding the right search patternPatternsThere's more...See also
How to do it…How it works…Full policy replacementRanged daemon domainConstraintsSee also
Getting readyHow to do it…How it works…The mcstrans and setrans.conf filesSELinux users and Linux user mappingsRunning Apache with the right contextSee also
Introduction
How to do it…How it works...See also
Getting readyHow to do it…How it works...There's more...See also
How to do it…How it worksThere's more...
How to do it…How it works...There's more...See also
Getting readyHow to do it…How it works...There's more...
How to do it…How it works...
How to do it…How it works...See also
How to do it…How it works...There's more...
How to do it…How it works...
How to do it…How it works...There's more...See also
How to do it…How it works...See also
Introduction
How to do it…How it works…Files and directoriesNetwork resourcesProcessesHardware and kernel resources
How to do it…How it works…Type declarationsManaging files and directoriesX11 and shared memoryThe network accessThere's more...See also
How to do it…How it works…
How to do it…How it works…There's more...
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…There's more...
How to do it…How it works…There's more...
Introduction
How to do it…How it works…Online researchSandbox environmentThe structural documentationSee also
How to do it…How it works…Domain definitionsLogical resourcesInfrastructural resources
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…See also
How to do it…For a Unix domain socket with a socket fileFor an abstract Unix domain socketHow it works…
How to do it…How it works…See also
Introduction
How to do it…How it works…There's more...
How to do it…How it works…
How to do it…How it works…See also
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…Defining a role in the policyExtending the role privilegesDefault types and default contexts
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…Direct access inspectionPolicy manipulationIndirect access
Introduction
How to do it…How it works…Shared file locationsUser content and customizable typesThere's more...
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…Reducing exploit risksRole managementType inheritance and transitions
Introduction
How to do it…How it works…See also
Getting readyHow to do it…How it works…Invalid contextsDenied transition validationDenied security-bounded transitionsThere's more...See also
How to do it…How it works…
How to do it…How it works…See also
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…There's more...See also
How to do it…How it works…There's more...See also
Introduction
Getting readyHow to do it…How it works…There's more...See also
How to do it…How it works…See also
How to do it…How it works…There's more...
How to do it…How it works…There's more...
How to do it…How it works…See also
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…See also
Introduction
Getting readyHow to do it…How it works…There's more...
How to do it…How it works…There's more...
How to do it…How it works…
How to do it…How it works…There's more…
Getting readyHow to do it…How it works…There's more...
How to do it…How it works…There's more...
Getting readyHow to do it…How it works…There's more...
Getting readyHow to do it…How it works…There's more...
How to do it…How it works…There's more...

Content preview from SELinux Cookbook

Using a different root location for SELinux-aware applications

SELinux-aware applications have more requirements when they run inside a chroot location. They require access to the SELinux subsystem (from within the chroot) and possibly SELinux configuration entries. This includes PAM-enabled services, as user logins on these services might require access to the SELinux user configuration files (such as the seusers file and default contexts).

How to do it…

First, create the regular chroot location as we saw earlier. To update the system to support SELinux-aware applications inside the chroot, complete the following steps:

Mount the SELinux filesystem inside the chroot at /sys/fs/selinux/ so that the application can query the SELinux policy:
```
~# mkdir ...
```

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 9781783989669Supplemental Content

SELinux Cookbook

by Sven Vermeulen

Using a different root location for SELinux-aware applications

How to do it…

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

SELinux

SELinux by Example: Using Security Enhanced Linux

Practical Linux Security Cookbook

CentOS Quick Start Guide

Publisher Resources

Using a different root location for SELinux-aware applications

How to do it…

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

SELinux

SELinux by Example: Using Security Enhanced Linux

Practical Linux Security Cookbook

CentOS Quick Start Guide

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.