Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

NOTE: CentOS Enterprise Linux is built from the Red Hat Enterprise Linux source code. Other than logo and name changes CentOS Enterprise Linux is compatible with the equivalent Red Hat version. This document applies equally to both Red Hat and CentOS Enterprise Linux.

Chapter 4. Example Policy Reference - dhcpd

This chapter provides an understanding of how the policy works with the dhcpd daemon. This daemon ships as part of the dhcp package. This chapter first discusses the locations and purposes of key policy files, and then policy types are explained. This chapter serves as a reference analysis that can be applied to all of the targeted daemons. Analysis in this file results from direct investigation of the policy files as well as extensive usage of apol, which is discussed in Chapter 6 Tools for Manipulating and Analyzing SELinux.

4.1. Policy File Locations

This section covers the various top level files that comprise the policy for dhcpd. Refer to Section 4.2 Policy Types - dhcpd for a description of what the types are allowed to do.

$SELINUX_POLICY/domains/program/dhcpd.te

This file defines the policy rules for the dhcpd domain, dhcpd_t. These rules are discussed in Section 4.2 Policy Types - dhcpd. Because the type enforcement file calls macros that are defined elsewhere, the dhcpd.te file is only the starting point for the policy. The policy building process expands the macros into many more lines of rules.

$SELINUX_POLICY/file_contexts/program/dhcpd.fc

This defines the security context for files associated with the dhcpd server daemon, assigning them one of the dhcp_<*>_t types:

# dhcpd
/etc/dhcpd.conf         --      system_u:object_r:dhcp_etc_t
/etc/dhcp3(/.*)?                system_u:object_r:dhcp_etc_t
/usr/sbin/dhcpd.*       --      system_u:object_r:dhcpd_exec_t
/var/lib/dhcp(3)?/dhcpd\.leases.* -- \
  system_u:object_r:dhcpd_state_t
/var/run/dhcpd\.pid     -d      system_u:object_r:dhcpd_var_run_t
ifdef(`dhcp_defined', `', `
/var/lib/dhcp(3)?       -d      system_u:object_r:dhcp_state_t
define(`dhcp_defined')
')
Note Note
 

As you are looking for dhcpd.fc, you see there are a large number of file contexts files in $SELINUX_POLICY/file_contexts/program/. Most of these files are unused. The context files are not pulled into the policy without a corresponding TE file in the $SELINUX_POLICY/domains/ path.

The context file contains an ifdef statement; the purpose here is to make certain the shared directory /var/lib/dhcp is available without declaring it multiple times. This is discussed in detail in Example 3-1.

 
 
  Published under the terms of the GNU General Public License Design by Interspire