Re: how to test selinux
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/18/2013 10:33 PM, bigclouds wrote:
hi,all
how to test selinux.
in my case, qemu-kvm process has a MCS, how to confirm its authority is
limited in this MCS?
and check out what kinds of authority this qemu-kvm process domain has?
the authority like user shell(if it is exploited), how many dirs,files
MCS can access, and read-write perms?
thanks
-- selinux mailing list selinux(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
I explained MCS separation in a blog
http://danwalsh.livejournal.com/63472.html
You can use sesearch to figure out what an svirt_t is allowed to access
sesearch -A -s svirt_t -c file -p write
Will show you the types that svirt_t can write to.
man svirt_selinux
Will also give you some good info.
If you want to experiment read the following blog.
http://danwalsh.livejournal.com/44090.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlFxMYwACgkQrlYvE4MpobNKLwCfRY7PUg3h0mAg15crs/t1wMVl
JBYAnj4mFd4J5uyKX5cEftKv5vq6oLsR
=Ddhw
-----END PGP SIGNATURE-----