October 2004
Intermediate to advanced
256 pages
8h 16m
English
Content preview from SELinuxBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Type-Enforcement Declarations
Type-enforcement (TE) declarations are of seven types:
-
attribute_def Attribute declarations
-
type_def Type declarations
-
typealias_def Type alias declarations
-
bool_def Boolean declarations
-
transition_def Transition declarations
-
te_avtab_def TE access vector table declarations
-
cond_stmt_def Conditional statement declarations
Type Declarations
The SELinux policy language requires that all type names be explicitly defined. In the simplest possible form, a type declaration merely defines a name as a type. For instance, the type declaration:
type ping_t;
would mark ping_t as the name of a type. Type
declarations need not precede all statements that refer to the types
they define; you can place type declarations any place within a TE
file.
Optionally, a type declaration may define one or more aliases for the type name. Any alias associated with a type can be freely used in place of the primary name of the type. A type declaration can also optionally associate one or more attributes with the type name.
Figure 7-1 shows the syntax of a type declaration.
As an example, the ping.te file contains two
type declarations:
type ping_t, domain, privlog; type ping_exec_t, file_type, sysadmfile, exec_type;
The first declaration identifies ping_t as a type
name, and associates the attributes domain and
privlog with the type name, marking the type as a
domain that communicates with the system log process. The second
declaration identifies ping_exec_t as a type name, and associates ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.