Chapter 2. SELinux Policy Overview


11


The object classes have matching declarations in the kernel, meaning that it is not trivial to add or


change object class details. The same thing is true for permissions. Development work is ongoing to


make it possible to register and unregister classes and permissions dynamically.


Permissions are the actions that a subject can take on an object, if the policy allows it. These permis 


sions are the access requests that SELinux actively allows or denies.


There are several common sets of permissions defined in the targeted policy, in


$SELINUX_SRC/flask/access_vectors


. These allow the actual classes to inherit the sets,


instead of rewriting the same permissions across multiple classes:


# Define a common prefix for file access vectors.


#


common file


{


ioctl


read


write


create


getattr


setattr


lock


relabelfrom


relabelto


append


unlink


link


rename


execute


swapon


quotaon


mounton


}


# Define a common prefix for socket access vectors.


#


common socket


{


# inherited from file


ioctl


read


write


create


getattr


setattr


lock


relabelfrom


relabelto


append


# socket specific


bind


connect


listen


accept


getopt


setopt


shutdown


recvfrom


sendto


recv_msg








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      adult web hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved