I'm experimenting with creating custom SELinux users with specific privileges. I've read Dominick Grift's article series about SELinux lockdown, which I found very helpful.
(http://selinux-mac.blogspot.com/2009/06/selinux-lockdown-part-one-confined.h...)

What I'm still missing is a detailed description of the SELinux context files and format. Although I can guess the use of certain fields, I don't feel comfortable with just copying a context file for a built-in user without understanding exactly what I'm doing. Can someone point me to some documentation of the context file format? (I'm using Fedora 12 for my experiments.)

Thanks,
/Leif

On 01/15/2010 11:03 AM, Leif Thuresson wrote:
> I'm experimenting with creating custom SELinux users with specific privileges. I've read Dominick Grift's article series about SELinux lockdown, which I found very helpful.
> (http://selinux-mac.blogspot.com/2009/06/selinux-lockdown-part-one-confined.h...)
>
> What I'm still missing is a detailed description of the SELinux context files and format. Although I can guess the use of certain fields, I don't feel comfortable with just copying a context file for a built-in user without understanding exactly what I'm doing. Can someone point me to some documentation of the context file format? (I'm using Fedora 12 for my experiments.)
>
> Thanks,
> /Leif

Hi, I am glad to hear that my article is useful to you.
I wrote an article about the SELinux policy structure in Fedora. It is just something I wrote one rainy afternoon and it may have errors, but you can get it here:
http://84.245.6.206/~dgrift/stuff/Managing_a_SELinux_environment_with_Fedora...
I am also happy to answer any specific questions that you may have.
You can also catch me on irc://irc.freenode.org/fedora-selinux
selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux