Adding new type
Marko Rauhamaa
marko at pacujo.net
Fri Jun 5 10:56:11 UTC 2015
<URL: https://fedoraproject.org/wiki/Security_context?rd=SELi
nux/SecurityContext> :
The 3rd component of the security context is the Type component, for
example /usr/sbin/httpd is labeled with a type of “httpd_exec_t".
In my opinion this is the most important field in the SELinux
security context. This is the heart of SELinux Type Enforcement. Most
of the policy rules in SELinux revolve around what subject types have
what access to which object types. By convention this component
always ends in a "_t".
I am a developer creating a new type of service. Let's call it "abcd."
Am I expected to have my RPM package create a new type "abcd_exec_t"?
What document describes the proper steps to introduce the type to the
system?
Marko
More information about the selinux
mailing list