Introduction to the Red Hat SELinux Guide
iii
Somewhere you can examine and work with the policy sources. This can be a test or development
machine, or possibly a workstation. Many of the examples and explanations in this book assume
that you have the system in front of you to explore while you read.
Some additional patience. SELinux is a different way of handling access control than many admin
istrators and users are familiar with.
Information about Red Hat training can be obtained via http://www.redhat.com/training/.
3. Conventions for SELinux Directories and Files
There are two main directories for SELinux policy in
/etc/selinux/
:
/etc/selinux/
policyname /policy/
the binary policy and runtime configuration files.
/etc/selinux/
policyname /src/policy/
policy sources.
It is possible to have more than one policy existing on the system, although only one
may be loaded at a time. The policy binary files, and possibly source files, are located in
/etc/selinux/
policyname /
, where
policyname
is the name of your policy, such as
targeted, strict, webhost, test, and so forth. The configuration file
/etc/selinux/config
defines
which policy is used, for example SELINUXTYPE=targeted.
In this document, the convention of
$DIRECTORY_TYPE
is used instead of the full path to assist in
readability:
The variable directory
$SELINUX_SRC/
is a substitute for the generic directory of
/etc/selinux/
policyname /src/policy/
and the targeted policy source directory at
/etc/selinux/targeted/src/policy/
.
The variable directory
$SELINUX_POLICY/
is a substitute for the generic directory of
/etc/selinux/
policyname /policy/
and the binary targeted policy directory at
/etc/selinux/targeted/policy/
.
An important file is the audit log file. In Red Hat Enterprise Linux,
$AUDIT_LOG
by default is
/var/log/messages
. However, this is configurable via
/etc/syslog.conf
, and future work on
an audit daemon will handle kernel audit events and log them into a separate file. Because of the
variable nature of where the audit logs are, the variable file
$AUDIT_LOG
is used as a substitute.
Other
important
files
and
directories
include
$SELINUX_POLICY/booleans
and
$SELINUX_POLICY/contexts/
, which are both discussed in Section 3.2 Files and Directories of
the Targeted Policy.
The most important file for SELinux is the binary policy file. This file is located at
/etc/selinux/targeted/policy/policy.
XY
. The
XY
represents the two digits of the
policy version. In the case of Red Hat Enterprise Linux 4, this file is
policy.18
.
4. Document Conventions
When you read this manual, certain words are represented in different fonts, typefaces, sizes, and
weights. This highlighting is systematic; different words are represented in the same style to indicate
their inclusion in a specific category. The types of words that are represented this way include the
following:
footer
Our partners:
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting
Jsp Web Hosting
Cheapest Web Hosting
Jsp Hosting
Cheap Hosting
Visionwebhosting.net Business web hosting division of Web
Design Plus. All rights reserved