-
Overview
-
redpesk OS releases
-
Security updates
-
Application Framework Manager
-
Application Framework Binder
-
APIs & Services
-
Security manager
-
Trusted Boot
-
Recovery features
-
redpak
-
Zephyr in Redpesk
-
Mender redpesk
-
Hardware support
- Download images
- Trusted Boot
- Boards - ARM64
- Boards - x86_64
- Boards - Virtual
- Miscs
SELinux
Basics
Policy module
A policy module will define your application rules. It is easy to install and uninstall.
It contains three files :
- type enforcement (.te): contains the rules to confine your application.
- file context (.fc): defines which label to give to each file.
- interfaces (.if): contains interfaces to say how applications interact with the modules
Compile
To compile a SELinux module, we place our different files in a folder. The output is a policy package (.pp) file.
Package requirement: selinux-policy-dev for Debian, selinux-policy-devel for RHEL
make -f /usr/share/selinux/devel/Makefile -C /usr/share/sec-lsm-manager/selinux-rules demo-app.pp
Install / Uninstall
To install the newly created SELinux module, use the following command :
semodule -i demo-app.pp
And to remove it :
semodule -r demo-app.pp
Sources
- Vermeulen, S. (2015). Selinux Cookbook. Packt Publishing.
- https://mgrepl.fedorapeople.org/PolicyCourse/writingSELinuxpolicy_MUNI.pdf
- https://debian-handbook.info/browse/fr-FR/stable/sect.selinux.html