Chapter 2. SELinux Policy Overview
        send_msg
        name_bind
}

# Define a common prefix for ipc access vectors.
#
common ipc
{
        create
        destroy
        getattr
        setattr
        read
        write
        associate
        unix_read
        unix_write
}
Following the common sets are all the access vector definitions. The definition is structured this way:

class class_name [ inherits common_name ] { permission_name ... }

A good example is the dir class, which inherits the permissions from the file class, and has additional permissions on top:

class dir
inherits file
{
        add_name
        remove_name
        reparent
        search
        rmdir
}

Another example is the class for tcp_socket, which inherits the socket set plus having its own set of additional permissions:

class tcp_socket
inherits socket
{
        connectto
        newconn
        acceptfrom
        node_bind
}

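
The inheritance described above can be resolved mechanically when reviewing which permissions a class really carries. The following Python code is an added example, not part of the original guide or of the SELinux tooling: it parses common and class definitions in the syntax shown and returns the full permission list for a class. The function names and the msgq and shm definitions in the sample input are assumptions made for the example.

```python
import re

# Sample input constructed for this example: the "common ipc" block from the
# text plus two class definitions written in the same syntax (assumed here).
SAMPLE = """
# Define a common prefix for ipc access vectors.
common ipc
{
    create destroy getattr setattr read write associate unix_read unix_write
}
class msgq inherits ipc { enqueue }
class shm inherits ipc { lock }
"""

TOKEN = re.compile(r"[{}]|[A-Za-z_][A-Za-z0-9_]*")

def parse_access_vectors(text):
    """Return (commons, classes); classes maps name -> (common_or_None, perms)."""
    text = re.sub(r"#[^\n]*", "", text)  # strip comments
    toks = TOKEN.findall(text)
    commons, classes, i = {}, {}, 0
    def perm_block(i):
        if i >= len(toks) or toks[i] != "{":
            return [], i               # definition without its own permissions
        end = toks.index("}", i)       # ValueError if the block is unterminated
        return toks[i + 1:end], end + 1
    while i < len(toks):
        kind, name = toks[i], toks[i + 1]
        i += 2
        if kind == "common":
            commons[name], i = perm_block(i)
        elif kind == "class":
            parent = None
            if i < len(toks) and toks[i] == "inherits":
                parent, i = toks[i + 1], i + 2
            perms, i = perm_block(i)
            classes[name] = (parent, perms)
        else:
            raise ValueError(f"unexpected token {kind!r}")
    return commons, classes

def effective_permissions(text, class_name):
    """Inherited common permissions first, then the class's own additions."""
    commons, classes = parse_access_vectors(text)
    parent, own = classes[class_name]
    if parent is not None and parent not in commons:
        raise ValueError(f"{class_name} inherits undefined common {parent!r}")
    inherited = commons[parent] if parent else []
    return inherited + own
```

Calling effective_permissions(SAMPLE, "msgq") returns the nine ipc permissions followed by enqueue; a class that inherits a common set not defined in the input is rejected with ValueError.
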
2.6. TE Rules - Attributes
Policy attributes identify groups of security types that share a similar property. These groups
can be controlled by fewer, overarching rules. The relationship is many to many: a type can have any
number of attributes, and an attribute can be associated with any number of types.
The declarations file $SELINUX_SRC/attrib.te is well documented in the comment blocks. The attribute declaration syntax is:

attribute identifier;

## Samples from $SELINUX_SRC/attrib.te
# The domain attribute identifies every type that can be





