book

SELinux Cookbook

by Sven Vermeulen

September 2014

Intermediate to advanced

240 pages

5h 53m

English

Packt Publishing

Read now

Unlock full access

Support files, eBooks, discount offers, and moreWhy subscribe?Free access for Packt account holders
What this book covers

Downloading the example codeErrataPiracyQuestions
IntroductionAbout SELinuxThe role of the SELinux policyThe example
Getting readyHow to do it…How it works…There's more...See also
Getting readyHow to do it…How it works…The policy source fileThe binary policy moduleLoading a policy into the policy storeThere's more...See also
How to do it…How it works…See also
How to do it…How it works…The location of the interface definitionsThe in-line documentationSee also
Getting readyHow to do it…How it works…There's more...
How to do it…How it works…Changes in interfacesKernel version changesMLS or not
Introduction
How to do it…How it works…Path expressionsThe order of processingClass identifiersContext declarationThere's more...
Getting readyHow to do it…How it works…There's more...See also
Getting readyHow to do it…How it works…Finding the right search patternPatternsThere's more...See also
How to do it…How it works…Full policy replacementRanged daemon domainConstraintsSee also
Getting readyHow to do it…How it works…The mcstrans and setrans.conf filesSELinux users and Linux user mappingsRunning Apache with the right contextSee also
Introduction
How to do it…How it works...See also
Getting readyHow to do it…How it works...There's more...See also
How to do it…How it worksThere's more...
How to do it…How it works...There's more...See also
Getting readyHow to do it…How it works...There's more...
How to do it…How it works...
How to do it…How it works...See also
How to do it…How it works...There's more...
How to do it…How it works...
How to do it…How it works...There's more...See also
How to do it…How it works...See also
Introduction
How to do it…How it works…Files and directoriesNetwork resourcesProcessesHardware and kernel resources
How to do it…How it works…Type declarationsManaging files and directoriesX11 and shared memoryThe network accessThere's more...See also
How to do it…How it works…
How to do it…How it works…There's more...
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…There's more...
How to do it…How it works…There's more...
Introduction
How to do it…How it works…Online researchSandbox environmentThe structural documentationSee also
How to do it…How it works…Domain definitionsLogical resourcesInfrastructural resources
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…See also
How to do it…For a Unix domain socket with a socket fileFor an abstract Unix domain socketHow it works…
How to do it…How it works…See also
Introduction
How to do it…How it works…There's more...
How to do it…How it works…
How to do it…How it works…See also
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…Defining a role in the policyExtending the role privilegesDefault types and default contexts
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…Direct access inspectionPolicy manipulationIndirect access
Introduction
How to do it…How it works…Shared file locationsUser content and customizable typesThere's more...
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…Reducing exploit risksRole managementType inheritance and transitions
Introduction
How to do it…How it works…See also
Getting readyHow to do it…How it works…Invalid contextsDenied transition validationDenied security-bounded transitionsThere's more...See also
How to do it…How it works…
How to do it…How it works…See also
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…There's more...See also
How to do it…How it works…There's more...See also
Introduction
Getting readyHow to do it…How it works…There's more...See also
How to do it…How it works…See also
How to do it…How it works…There's more...
How to do it…How it works…There's more...
How to do it…How it works…See also
How to do it…How it works…
How to do it…How it works…
How to do it…How it works…See also
Introduction
Getting readyHow to do it…How it works…There's more...
How to do it…How it works…There's more...
How to do it…How it works…
How to do it…How it works…There's more…
Getting readyHow to do it…How it works…There's more...
How to do it…How it works…There's more...
Getting readyHow to do it…How it works…There's more...
Getting readyHow to do it…How it works…There's more...
How to do it…How it works…There's more...

Content preview from SELinux Cookbook

Restricting service ownership

Applications that register themselves on the bus own a service name. The uk.org.thekelleys.dnsmasq service name is an example of this. The D-Bus policy, declared in the busconfig XML file at /etc/dbus-1/system.d/ (or session.d/ if the service is for the session bus instead of system bus) provides information for D-Bus to decide when taking ownership of a particular service is allowed.

Thanks to D-Bus' SELinux integration, additional constraints can be added to ensure that only authorized applications can take ownership of a particular service.

How to do it…

To restrict service ownership through the SELinux policy, follow the ensuing set of steps:

Inside the D-Bus configuration file of the service, make sure that the ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 9781783989669Supplemental Content

SELinux Cookbook

by Sven Vermeulen

Restricting service ownership

How to do it…

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

SELinux

SELinux by Example: Using Security Enhanced Linux

Practical Linux Security Cookbook

CentOS Quick Start Guide

Publisher Resources

Restricting service ownership

How to do it…

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

SELinux

SELinux by Example: Using Security Enhanced Linux

Practical Linux Security Cookbook

CentOS Quick Start Guide

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.