Building complete application policies – SELinux

We can build complete application policies with CIL as well. However, keep in mind that there are no interfaces or support macros out there that we can use to rapidly develop policies. Furthermore, there are no templates or suchlike available to jumpstart such...

Creating fine-grained definitions – SELinux

Throughout this book, most small SELinux policy adjustments have been made using CIL. These are small, fine-grained definitions that require little development effort, and have the benefit of being directly loadable. Depending on roles or types: The CIL language...

Introducing CIL – SELinux

CIL has been designed to be the main language in which policies are built, and is the lowest readable format. After CIL, the SELinux code is transformed into binary form and sent to the Linux kernel (and SELinux subsystem) for loading into memory. Administrators might be...

Getting help with supporting tools – SELinux

There are tools out there that help in developing SELinux policies, and if needed we can build our own support tools as well. Let’s see what support environments we can use. Verifying code with selint: While SELinux policies can be functionally working,...

Adding user-level policies – SELinux

If we want to create custom user and role policies, then the most confusing choice is which user template to pick. This template creates a role and user domain with a specific purpose in mind, and grants a number of permissions by default: It will give you...