Security_load_booleans(3) - Will look for a booleans or booleans.local file here unless a specific path is specified.īoth files have the same format and contain one or more boolean names. Security_set_boolean_list(3) - Writes a boolean.local file if flag permanent = ' 1'. However if semanage is not being used or there is an SELinux-aware application that uses the libselinux functions listed below, then these files may be present (they could also be present in older Reference policies): Generally these booleans(5) files are not present if semanage(8) is being used to manage booleans (see the modules/active/booleans.local File section). # configured as a valid GNU / Linux user. # has access to all security levels and therefore should not be The format of the seusers file is the same as the files described in the modules/active/seusers.final section, where an example semanage user command is also shown. Note: The system_u user is defined in this file, however there must be no system_u GNU / Linux user configured on the system. Read the contexts/failsafe_context file to allow a fail safe context to be set.Check for a default context in the contexts/default_contexts file.To determine the remaining context to be used as the security context, read the contexts/users/ file file.If an entry cannot be found, then use the _default_ entry. Using the GNU / Linux user_id, lookup the seuser_id from this file.The seusers(5) file is used by login programs (normally via the libselinux library) and maps GNU / Linux users (as defined in the user / passwd files) to SELinux users (defined in the policy). with X-Windows) then an additional two files are required:Ĭontext/dbus_contexts - To allow the dbus messaging service to run under SELinux.Ĭontext/x_contexts - To allow the X-Windows service to run under SELinux (or XSELinux could be disabled as discussed in the SELinux X-Windows Support section. If the simple policy is to run at init 5, (i.e.
Policy/policy.29 - The binary policy loaded into the kernel.Ĭontext/files/file_contexts - To allow the filesystem to be relabeled. no X-Windows) and only require the following configuration files: For example the simple monolithic policy described in the Notebook source tarball could run at init 3 (i.e. It is possible to build custom monolithic policies that only use the files installed in this area (i.e. The majority of files are installed by the Reference Policy, semanage(8) or semodule(8) commands. 1.26 contexts/files/file_contexts.subs and file_contexts.subs_dist FileĮach file discussed in this section is relative to the policy name as follows:.1.24 contexts/files/file_contexts.local File.1.21 contexts/virtual_image_context File.1.20 contexts/virtual_domain_context File.
0 kommentar(er)
