Types, permissions, and constraints

Now that we know more about types (both for processes as well as files and other resources), let's look into how these are used in the SELinux policy in more detail.

Understanding type attributes

We have discussed the sesearch application already and how it can be used to query the current SELinux policy. Let's look again at the process transitions:

$ sesearch -s initrc_t -t httpd_t -c process -p transition -A 
Found 1 semantic av rules: 
   allow initrc_domain daemon : process transition ;

Even though we asked for the rules related to the initrc_t source domain and the httpd_t target, we get a rule back for the initrc_domain source domain and the daemon target. What sesearch did here was show us how the requested ...

Get SELinux System Administration - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

SELinux System Administration - Second Edition by Sven Vermeulen

Types, permissions, and constraints

Understanding type attributes

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly