Flask-Related Declarations

The flask directory contains several files that are part of the SELinux policy:

security_classes

Specifies the SELinux security classes.

initial_sids

Specifies the initial SIDs.

access_vectors

Specifies the permissions included in access vectors.

The following subsections explain the syntax of declarations residing in these files. Generally, only SELinux developers should change these declarations. However, administrators may find it helpful to understand these files and the declarations they contain.

Syntax of security_classes

The flask/security_classes file specifies the security classes handled by SELinux. Entries in the file have the syntax shown in Figure 8-10. A class declaration contains only the keyword class and an identifier giving the class name.

Figure 8-10. Flask class declaration

The example policy defines between two and three dozen classes. Here is a typical class declaration:

class security

Appendix A summarizes the standard security object classes.

Syntax of initial_sids

The flask/initial_sids file specifies the symbols corresponding to initial SIDs. Entries in the file have the syntax shown in Figure 8-11, consisting of the keyword sid and an identifier naming the SID.

Figure 8-11. Flask initial SID declaration

The sample policy defines a few more than ...
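A small validator for the two declaration forms described above, as an added example that is not taken from the book or from the SELinux project. The identifier pattern and the handling of # comments are assumptions, and the sample input is constructed.

```python
import re

# Assumption: an identifier is a letter followed by letters, digits or underscores.
IDENT = re.compile(r"[A-Za-z][A-Za-z0-9_]*")
KEYWORDS = {"security_classes": "class", "initial_sids": "sid"}


def parse_flask_decls(text, kind):
    """Return (names in file order, [(lineno, message), ...]) for one flask file."""
    keyword = KEYWORDS[kind]
    names, errors, seen = [], [], {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        tokens = line.split()
        if tokens[0] != keyword:
            errors.append((lineno, f"expected keyword '{keyword}', got '{tokens[0]}'"))
        elif len(tokens) != 2:
            errors.append((lineno, f"'{keyword}' takes exactly one identifier"))
        elif not IDENT.fullmatch(tokens[1]):
            errors.append((lineno, f"invalid identifier '{tokens[1]}'"))
        elif tokens[1] in seen:
            errors.append((lineno, f"'{tokens[1]}' already declared on line {seen[tokens[1]]}"))
        else:
            seen[tokens[1]] = lineno
            names.append(tokens[1])
    return names, errors


# Constructed sample input, not copied from any shipped policy.
SAMPLE_CLASSES = """\
# constructed sample
class security
class process
class file   # trailing comment
class file
sid kernel
class dir extra
class 9lives
"""
SAMPLE_SIDS = "sid kernel\nsid security\n"

if __name__ == "__main__":
    for kind, text in (("security_classes", SAMPLE_CLASSES), ("initial_sids", SAMPLE_SIDS)):
        names, errors = parse_flask_decls(text, kind)
        print(kind, names)
        for lineno, msg in errors:
            print(f"  line {lineno}: {msg}")
```

Running a check like this before rebuilding the policy catches a misplaced keyword or a duplicate name in either file early.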
