The Guide to Writing SELinux Policy

7. The file_contexts file


The file_contexts file contains the security contexts that are applied to files on the system when a security policy is installed. The setfiles program (and later tools such as restorecon, which use the same file) reads it and uses its entries to decide which label each file should get. Each entry is a regular expression matching a pathname, an optional file-type flag, and the security context to apply. Below are some examples and explanations.

# The security context for all files not otherwise specified.
/.*                             system_u:object_r:file_t
This line sets the security context on any file that no other entry matches. system_u is the identity used for system processes and daemons and is the default identity for files owned by the system.
# The root directory.
/                       -d      system_u:object_r:root_t
The -d restricts this entry to directories, so it sets the type root_t on the root directory itself and on nothing else that the single-character pattern could match. /mnt and /initrd also have the type root_t.
/home/[^/]+             -d      system_u:object_r:user_home_dir_t
/home/[^/]+/.+                  system_u:object_r:user_home_t
The first pattern matches a directory one level beneath /home, that is, each user's home directory such as /home/alice (it does not match /home itself), and gives it the type user_home_dir_t. The second pattern matches everything underneath such a directory, files and subdirectories alike since it carries no file-type flag, and gives it the type user_home_t.

You should be able to get a general understanding of everything else in this file, and it does help to have a good understanding of regular expressions. Two rules matter when reading it: each regular expression is anchored at both ends, so an entry must match the whole pathname rather than a substring of it, and when several entries match the same path the last matching entry in the file wins. That is why the catch-all /.* entry appears first and more specific entries follow it.

In the middle column, you may see -- which refers to a regular file. -d refers to a directory. Nothing listed means the entry matches any file type. If you do an "ls -l" command, the first character of the first column of output is the letter that appears in the middle column after the dash. So if something was a symbolic link you'd see -l, -b for a block device, -c for a character device, -p for a named pipe and -s for a socket. The type is taken from the file itself (as lstat reports it), so a symbolic link named /etc/shadow does not pick up an entry restricted with --.
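The matching rules described above, as an added example that is not part of the original guide or of the setfiles source: a small reader for the file_contexts format that parses entries, applies the file-type flags, anchors each regular expression to the whole pathname, and picks the last matching entry. The sample file_contexts text is constructed from the entries quoted in this section, with one extra /etc/shadow line added to show the -- flag; the paths it is run against are constructed too, so it needs no access to a real filesystem.

```python
"""Added example: a minimal reader for the file_contexts format, modelling
how setfiles chooses a label.  Not code from the original guide."""
import os
import re
import stat
from dataclasses import dataclass
from typing import Optional

# Middle-column flags and the file type each one restricts an entry to.
# The letters are the ones ls -l prints in its first column; "--" is a
# regular file.
FILE_TYPE_FLAGS = {
    "--": "regular", "-d": "directory", "-l": "symlink", "-b": "block",
    "-c": "char", "-p": "fifo", "-s": "socket",
}


@dataclass
class Spec:
    regex: str
    file_type: Optional[str]   # None: the entry applies to any file type
    context: str
    pattern: re.Pattern


def parse_file_contexts(text: str) -> list:
    """Parse file_contexts text into an ordered list of Spec entries.

    Each line is: <regex> [<type flag>] <security context>.  Blank lines
    and '#' comments are skipped.  File order is preserved because it
    decides which entry wins (see lookup_context).
    """
    specs = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) == 2:
            regex, flag, context = fields[0], None, fields[1]
        elif len(fields) == 3 and fields[1] in FILE_TYPE_FLAGS:
            regex, flag, context = fields[0], FILE_TYPE_FLAGS[fields[1]], fields[2]
        else:
            raise ValueError(f"file_contexts line {lineno}: malformed entry {raw!r}")
        # A context is user:role:type[:range]; anything shorter is a typo
        # that would otherwise mislabel files at relabel time.
        if context != "<<none>>" and context.count(":") < 2:
            raise ValueError(f"file_contexts line {lineno}: bad context {context!r}")
        specs.append(Spec(regex, flag, context, re.compile(regex)))
    return specs


def lookup_context(specs, path: str, file_type: str) -> Optional[str]:
    """Return the context that would be applied to `path` of the given type.

    Entries are searched from the end of the file backwards, so the last
    matching entry wins (which is why the catch-all '/.*' sits at the top).
    fullmatch() anchors the pattern at both ends, as setfiles does.
    Returns None for '<<none>>', meaning the file is left unlabelled.
    """
    for spec in reversed(specs):
        if spec.file_type is not None and spec.file_type != file_type:
            continue
        if spec.pattern.fullmatch(path):
            return None if spec.context == "<<none>>" else spec.context
    return None


def file_type_of(path: str) -> str:
    """Classify an existing path via lstat, so a symlink is reported as a
    symlink rather than as whatever it points to."""
    mode = os.lstat(path).st_mode
    for test, name in ((stat.S_ISREG, "regular"), (stat.S_ISDIR, "directory"),
                       (stat.S_ISLNK, "symlink"), (stat.S_ISBLK, "block"),
                       (stat.S_ISCHR, "char"), (stat.S_ISFIFO, "fifo"),
                       (stat.S_ISSOCK, "socket")):
        if test(mode):
            return name
    raise ValueError(f"unknown file type for {path}")


# Constructed sample, modelled on the entries quoted in the text; the
# /etc/shadow line is added here only to show the regular-file ('--') flag.
SAMPLE_FILE_CONTEXTS = """\
# The security context for all files not otherwise specified.
/.*                             system_u:object_r:file_t
# The root directory.
/                       -d      system_u:object_r:root_t
/home/[^/]+             -d      system_u:object_r:user_home_dir_t
/home/[^/]+/.+                  system_u:object_r:user_home_t
/etc/shadow             --      system_u:object_r:shadow_t
"""

SPECS = parse_file_contexts(SAMPLE_FILE_CONTEXTS)

if __name__ == "__main__":
    # Constructed paths with their lstat types; no filesystem access needed.
    for path, ftype in [("/", "directory"), ("/home", "directory"),
                        ("/home/alice", "directory"),
                        ("/home/alice/.bashrc", "regular"),
                        ("/etc/shadow", "regular"), ("/etc/shadow", "symlink")]:
        print(f"{path:24} {ftype:10} -> {lookup_context(SPECS, path, ftype)}")
```

Running it shows the points the text makes: / gets root_t only because the -d entry comes after /.*; /home itself falls through to file_t in this sample because /home/[^/]+ needs at least one character after the slash; and a symbolic link at /etc/shadow gets file_t, not shadow_t, because the -- flag limits that entry to regular files.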

Published with kind permission of Faye Coker