Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Mail Systems
Eclipse Documentation

How To Guides
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Problem Solutions
Privacy Policy




3. Conventions for SELinux Directories and Files

There are two main directories for SELinux policy in /etc/selinux/:

  • /etc/selinux/<policyname>/policy/ — the binary policy and runtime configuration files.

  • /etc/selinux/<policyname>/src/policy/ — policy sources.

It is possible to have more than one policy existing on the system, although only one may be loaded at a time. The policy binary files, and possibly source files, are located in /etc/selinux/<policyname>/, where <policyname> is the name of your policy, such as targeted, strict, webhost, test, and so forth. The configuration file /etc/selinux/config defines which policy is used, for example SELINUXTYPE=targeted.

In this document, the convention of $DIRECTORY_TYPE is used instead of the full path to assist in readability:

  • The variable directory $SELINUX_SRC/ is a substitute for the generic directory of /etc/selinux/<policyname>/src/policy/ and the targeted policy source directory at /etc/selinux/targeted/src/policy/.

  • The variable directory $SELINUX_POLICY/ is a substitute for the generic directory of /etc/selinux/<policyname>/policy/ and the binary targeted policy directory at /etc/selinux/targeted/policy/.

An important file is the audit log file. In Red Hat Enterprise Linux, $AUDIT_LOG by default is /var/log/messages. However, this is configurable via /etc/syslog.conf, and future work on an audit daemon will handle kernel audit events and log them into a separate file. Because of the variable nature of where the audit logs are, the variable file $AUDIT_LOG is used as a substitute.

Other important files and directories include $SELINUX_POLICY/booleans and $SELINUX_POLICY/contexts/, which are both discussed in Section 3.2 Files and Directories of the Targeted Policy.

The most important file for SELinux is the binary policy file. This file is located at /etc/selinux/targeted/policy/policy.<XY>. The <XY> represents the two digits of the policy version. In the case of Red Hat Enterprise Linux 4, this file is policy.18.

  Published under the terms of the GNU General Public License Design by Interspire