Chapter 4. Example Policy Reference - dhcpd
This chapter provides an understanding of how the policy works with the dhcpd daemon. This daemon ships as part of the dhcp package. This chapter first discusses the locations and purposes of key policy files, and then policy types are explained. This chapter serves as a reference analysis that can be applied to all of the targeted daemons. Analysis in this file results from direct investigation of the policy files as well as extensive usage of apol, which is discussed in Chapter 6 Tools for Manipulating and Analyzing SELinux.
4.1. Policy File Locations
This section covers the various top level files that comprise the policy for dhcpd. Refer to Section 4.2 Policy Types - dhcpd for a description of what the types are allowed to do.
$SELINUX_POLICY/domains/program/dhcpd.te
This file defines the policy rules for the dhcpd domain, dhcpd_t. These rules are discussed in Section 4.2 Policy Types - dhcpd. Because the type enforcement file calls macros that are defined elsewhere, the dhcpd.te file is only the starting point for the policy. The policy building process expands the macros into many more lines of rules.
$SELINUX_POLICY/file_contexts/program/dhcpd.fc
This defines the security context for files associated with the dhcpd server daemon, assigning them one of the dhcp_*_t types:
# dhcpd
/etc/dhcpd.conf    system_u:object_r:dhcp_etc_t
/etc/dhcp3(/.*)?    system_u:object_r:dhcp_etc_t
/usr/sbin/dhcpd.*    system_u:object_r:dhcpd_exec_t
/var/lib/dhcp(3)?/dhcpd\.leases.*    \
    system_u:object_r:dhcpd_state_t
/var/run/dhcpd\.pid    -d system_u:object_r:dhcpd_var_run_t
ifdef(`dhcp_defined', `', `
/var/lib/dhcp(3)?    -d system_u:object_r:dhcp_state_t
define(`dhcp_defined')
')
Note
As you are looking for dhcpd.fc, you see there are a large number of file contexts files in $SELINUX_POLICY/file_contexts/program/. Most of these files are unused. The context files are not pulled into the policy without a corresponding TE file in the $SELINUX_POLICY/domains/ path.
The context file contains an ifdef statement; the purpose here is to make certain the shared directory /var/lib/dhcp is available without declaring it multiple times. This is discussed in detail in Example 3-1.
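As an added illustration (not part of the guide or the policy sources), the Python below resolves paths against the dhcpd.fc entries listed above the way a labeling tool would: each pattern is anchored to the whole path, and an optional file-type field restricts the match. The names parse_fc and label_for are hypothetical, and the two directory entries are assumed to carry the `-d` (directories only) file-type field.

```python
import re

# Entries from the dhcpd.fc listing, with the m4 ifdef block expanded and the
# wrapped dhcpd.leases line joined. The "-d" file-type field is an assumption.
DHCPD_FC = r"""
# dhcpd
/etc/dhcpd.conf                       system_u:object_r:dhcp_etc_t
/etc/dhcp3(/.*)?                      system_u:object_r:dhcp_etc_t
/usr/sbin/dhcpd.*                     system_u:object_r:dhcpd_exec_t
/var/lib/dhcp(3)?/dhcpd\.leases.*     system_u:object_r:dhcpd_state_t
/var/run/dhcpd\.pid                -d system_u:object_r:dhcpd_var_run_t
/var/lib/dhcp(3)?                  -d system_u:object_r:dhcp_state_t
"""

FILE_TYPES = {"-d": "dir", "--": "file"}  # only the specifiers used here


def parse_fc(text):
    """Return a list of (compiled regex, required kind or None, context)."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        pattern, context = fields[0], fields[-1]
        wanted = FILE_TYPES[fields[1]] if len(fields) == 3 else None
        entries.append((re.compile(pattern), wanted, context))
    return entries


def label_for(path, kind, entries):
    """Context for path (kind is 'file' or 'dir'); None if no entry applies."""
    for regex, wanted, context in entries:
        # A pattern must cover the whole path, and the file type must agree.
        if regex.fullmatch(path) and wanted in (None, kind):
            return context
    return None  # the entries above do not overlap, so order is irrelevant


ENTRIES = parse_fc(DHCPD_FC)

if __name__ == "__main__":
    samples = [("/etc/dhcpd.conf", "file"), ("/etc/dhcpd.conf.bak", "file"),
               ("/usr/sbin/dhcpd3", "file"), ("/var/lib/dhcp3", "dir"),
               ("/var/lib/dhcp/dhcpd.leases~", "file"),
               ("/etc/dhcpdXconf", "file")]  # unescaped "." matches any char
    for path, kind in samples:
        print(f"{path:32} {kind:4} -> {label_for(path, kind, ENTRIES)}")
```

The last sample shows that the unescaped `.` in `/etc/dhcpd.conf` acts as a regex wildcard, which is why the leases and pid entries write `\.` instead.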





