The Guide to Writing SELinux Policy

Guide to Writing SE Linux Policy

Faye Coker
Last update: 18 March 2004

This document continues on from the Getting Started with SE Linux HOWTO. It covers writing SE Linux policy and discusses the configuration files you will be dealing with. It is aimed at people starting out with writing their own SE Linux policies. If you have not already done so, please read the Getting Started with SE Linux HOWTO in order to become familiar with basic concepts. Any mention of "old SE Linux" refers to the original release of SE Linux for 2.4.x kernels. "New SE Linux" refers to SE Linux for 2.6.x kernels, for which a backport is available for 2.4.

Please make sure you also read the NSA's document called Configuring the SE Linux Policy, as material in this HOWTO refers to its contents.

This HOWTO tries to be as basic as possible. Learning how to write SE Linux policy is mostly a matter of just getting in there and doing it, as many things are not documented at this time. Keep practising, look at existing policies, and study the kernel log messages. A lot of what you try might be guesswork, which is perfectly okay, because things will gradually fall into place.

This document has been tested on a test system but more guinea pigs are always welcome. Please email me if you run into problems when following my instructions.

Table of Contents

  1. Introduction
    1.1. Feedback
    1.2. Disclaimer
  2. All about policies
    2.1. What is a policy?
    2.2. What can you do with policies?
    2.3. How are policies created, and how do they take effect?
    2.4. How are decisions made?
  3. policy.conf, checkpolicy, the Makefile
    3.1. checkpolicy
    3.2. the Makefile
  4. Attributes: the attrib.te file
  5. User related files
    5.1. The users file
    5.2. The user.te file
    5.3. The user_macros.te file
      5.3.1. Macros for user login domains
      5.3.2. Macros for ordinary user domains
  6. System administrator related files
    6.1. The admin_macros.te
  7. the file_contexts file
  8. the types directory
    8.1. device.te
    8.2. devpts.te
    8.3. file.te
    8.4. network.te
    8.5. nfs.te
    8.6. procfs.te
    8.7. security.te
  9. the macros directory
    9.1. core_macros.te
    9.2. global_macros.te
    9.3. the macros/program directory
  10. the flask directory
  11. Editing the policy
  12. Basic policy editing examples
  13. Case study: the policy for INN
    13.1. the innd.te file
    13.2. the innd.fc file
    13.3. the net_contexts file
  14. Policy tools
  15. Resources


  Published with kind permission of Faye Coker