84


Chapter 6. Tools for Manipulating and Analyzing SELinux


Note


Both the source policy.conf and binary policy. XY


files can be analyzed by apol. Much of the


_


`


results are similar, but there are noteworthy differences. This is because the binary compilation pro 


cess strips out attributes as well as the initial SIDs. It is the lack of attributes that most affects the


analysis process. When analyzing a binary policy, attributes cannot be included as search parame 


ters.


The policy.conf tab is disabled for the binary policy, as well as the Initial SIDs tab under the Policy


Components tab. The field Attributes is empty, and although you can select Attrib(ute)s in various


search parameters, it has no effect when analyzing a binary policy.


6.3.1. Policy Component Analysis


When opening the policy file, apol gathers and organizes information. The same information is dif 


ficult to identify and extrapolate manually going through the policy files. For example, there is no


master list within the policy source of which types belong to which attributes. This information is


scattered throughout the policy. apol gathers and displays these SELinux categories.


Figure 6 6. apol with


policy.conf


Loaded


Figure 6 6 shows the Policy Components tab. Within this tab there are tabs for Types, Classes/Perms,


Roles, Users, Booleans, and Initial SIDs. Under each tab is the capability to perform basic searches.








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      adult web hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved