From: James Carter
To: [email protected]
Cc: [email protected], James Carter
Subject: [PATCH 2/6] libsepol/cil: Do not call ebitmap_init twice for an ebitmap
Date: Wed, 12 Apr 2024 17:04:02 -0400
Message-ID: <[email protected]> …

Patchwork, SELinux Development list
13210597: [8/9,v3] secilc/test: Add deny rule tests.
Message ID: [email protected] (mailing list archive)
State: New
Delegated to: Petr Lautrbach ...
TypeStatements - SELinux Wiki - Security-Enhanced Linux
SELinux primarily uses types to determine what access is allowed. Attributes and aliases are policy features that ease the management and use of types. We use attributes to refer to …

Jun 23, 2024 · Marking types as customizable. The list of customizable types is considered part of the SELinux policy provided by your distribution. So, even though you can edit the aforementioned customizable_types yourself, these changes will be overwritten the next time the system policy package is updated. If you really need to get a type marked as …
discussion.fedoraproject.org
Apr 6, 2024 · I came up with the following module:

    module httpd_unix 0.0.0;

    require {
        attribute file_type;
        class unix_stream_socket connectto;
        class sock_file write;
        type httpd_t;
    }

    type httpd_unix_t;
    typeattribute httpd_unix_t file_type;
    allow httpd_t httpd_unix_t: unix_stream_socket connectto;
    allow httpd_t httpd_unix_t: sock_file write;

    allow unconfined_domain_type container_domain:process2 { nnp_transition nosuid_transition };
    allow unconfined_domain_type unlabeled_t:key manage_key_perms;
    ')

    #
    # container_userns_t policy
    #
    container_domain_template(container_userns, container)
    typeattribute container_userns_t sandbox_net_domain, container_user_domain; …

In this example, SELinux provides a user (unconfined_u), a role (object_r), a type (user_home_t), and a level (s0). This information is used to make access control decisions. On DAC systems, access is controlled based on Linux user and group IDs. SELinux policy rules are checked after DAC rules.