directory contains several files
that are part of the SELinux policy:
Specifies the SELinux security classes.
Specifies the initial SIDs.
Specifies the permissions included in access vectors.
The following subsections explain the syntax of declarations residing in these files. Generally, only SELinux developers should change these declarations. However, administrators may find it helpful to understand these files and the declarations they contain.
Syntax of security_classes
The security_classes file specifies the security classes handled by SELinux. Entries in the file have the syntax shown in Figure 8-10. A class declaration contains only the keyword class and an identifier giving the class
Figure 8-10. Flask class declaration
The example policy defines between two and three dozen classes. Here is a typical class declaration:
Appendix A summarizes the standard security object classes.
Syntax of initial_sids
The initial_sids file specifies the symbols corresponding to initial SIDs. Entries in the file have the syntax shown in Figure 8-11, consisting of the keyword sid and an identifier naming the SID.
Figure 8-11. Flask initial SID declaration
The sample policy defines a few more than ...
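A checker for the two declaration forms described above (the keyword class or sid followed by one identifier), added here as an example and not taken from the original text or from the SELinux sources. It assumes one declaration per line, `#` starting a comment, and a simple identifier pattern; the function name `lint_decls` and the sample declarations are constructed for illustration.

```python
import re

# Constructed sample input; these declarations are illustrative, not copied from the page.
SAMPLE_CLASSES = """\
# constructed sample of a security_classes file
class file
class dir
class process
"""
SAMPLE_SIDS = """\
sid kernel
sid unlabeled
"""

# Assumption: an identifier is a letter or underscore followed by letters, digits or underscores.
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def lint_decls(text, keyword):
    """Check that every non-blank line is '<keyword> <identifier>'.

    Returns (names, errors): the accepted identifiers in file order and a
    list of messages for malformed, wrong-keyword or duplicate declarations.
    """
    names, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        parts = line.split()
        if len(parts) != 2 or parts[0] != keyword:
            errors.append(f"line {lineno}: expected '{keyword} <identifier>', got {raw!r}")
        elif not IDENT.fullmatch(parts[1]):
            errors.append(f"line {lineno}: invalid identifier {parts[1]!r}")
        elif parts[1] in names:
            errors.append(f"line {lineno}: duplicate declaration of {parts[1]!r}")
        else:
            names.append(parts[1])
    return names, errors


if __name__ == "__main__":
    for label, text, kw in (("security_classes", SAMPLE_CLASSES, "class"),
                            ("initial_sids", SAMPLE_SIDS, "sid")):
        names, errors = lint_decls(text, kw)
        print(label, names, errors)
```

Running a check like this before rebuilding the policy catches a `sid` line pasted into the class file, or a declaration repeated by a merge, before the policy compiler sees it.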