SELinux Cookbook.
This book covers how to build SELinux policies and the integration of the technology with other systems and looks at a wide range of examples to assist in creating additional policies. You will learn how to manage resource labels and fine-tune your policies to automatically handle labeling; gain ins...
Classification: | Electronic Book |
---|---|
Main author: | |
Format: | Electronic eBook |
Language: | English |
Published: | Packt Publishing, 2014. |
Subjects: | |
Online access: | Full text |
Table of Contents:
- Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: The SELinux Development Environment; Introduction; Creating the development environment; Building a simple SELinux module; Calling refpolicy interfaces; Creating our own interface; Using the refpolicy naming convention; Distributing SELinux policy modules; Chapter 2: Dealing with File Labels; Introduction; Defining file contexts through patterns; Using substitution definitions; Enhancing an SELinux policy with file transitions; Setting resource-sensitivity labels.
- Configuring sensitivity categories; Chapter 3: Confining Web Applications; Introduction; Listing conditional policy support; Enabling user directory support; Assigning web content types; Using different web server ports; Using custom content types; Creating a custom CGI domain; Setting up mod_selinux; Starting Apache with limited clearance; Mapping HTTP users to contexts; Using source address mapping to decide on contexts; Separating virtual hosts with mod_selinux; Chapter 4: Creating a Desktop Application Policy; Introduction; Researching the application's logical design.
- Creating a skeleton policy; Setting context definitions; Defining application role interfaces; Testing and enhancing the policy; Ignoring permissions we don't need; Creating application resource interfaces; Adding conditional policy rules; Adding build-time policy decisions; Chapter 5: Creating a Server Policy; Introduction; Understanding the service; Choosing resource types wisely; Differentiating policies based on use cases; Creating resource-access interfaces; Creating exec, run, and transition interfaces; Creating a stream-connect interface; Creating the administrative interface.
- Chapter 6: Setting Up Separate Roles; Introduction; Managing SELinux users; Mapping Linux users to SELinux users; Running commands in a specified role with sudo; Running commands in a specified role with runcon; Switching roles; Creating a new role; Initial role based on entry; Defining role transitions; Looking into access privileges; Chapter 7: Choosing the Confinement Level; Introduction; Finding common resources; Defining common helper domains; Documenting common privileges; Granting privileges to all clients; Creating a generic application domain.
- Building application-specific domains using templates; Using fine-grained application domain definitions; Chapter 8: Debugging SELinux; Introduction; Identifying whether SELinux is to blame; Analyzing SELINUX_ERR messages; Logging positive policy decisions; Looking through SELinux constraints; Ensuring an SELinux rule is never allowed; Using strace to clarify permission issues; Using strace against daemons; Auditing system behavior; Chapter 9: Aligning SELinux with DAC; Introduction; Assigning a different root location to regular services.