SELinux Cookbook
eBook - ePub

  • 240 pages
  • English
  • ePUB (mobile friendly)
  • Available on iOS & Android

About this book

In SELinux Cookbook, we cover everything from how to build SELinux policies to the integration of the technology with other systems, and look at a wide range of examples to assist in creating additional policies. The first set of recipes works around file labeling, one of the most common and important SELinux administrative aspects. Then, we move on to custom policy development, showing how this is done for web application confinement, desktop application protection, and custom server policies. Next, we shift our focus to the end user, restricting user privileges and setting up role-based access controls. After that, we redirect our focus to the integration of SELinux with Linux systems, aligning SELinux with the existing security controls on a Linux system. Finally, we learn how applications interact with the SELinux subsystem internally, so that whatever the challenge, we are able to find the best solution.

Table of Contents

SELinux Cookbook
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why subscribe?
Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. The SELinux Development Environment
Introduction
About SELinux
The role of the SELinux policy
The example
Creating the development environment
Getting ready
How to do it…
How it works…
There's more...
See also
Building a simple SELinux module
Getting ready
How to do it…
How it works…
The policy source file
The binary policy module
Loading a policy into the policy store
There's more...
See also
Calling refpolicy interfaces
How to do it…
How it works…
See also
Creating our own interface
How to do it…
How it works…
The location of the interface definitions
The in-line documentation
See also
Using the refpolicy naming convention
Getting ready
How to do it…
How it works…
There's more...
Distributing SELinux policy modules
How to do it…
How it works…
Changes in interfaces
Kernel version changes
MLS or not
2. Dealing with File Labels
Introduction
Defining file contexts through patterns
How to do it…
How it works…
Path expressions
The order of processing
Class identifiers
Context declaration
There's more...
Using substitution definitions
Getting ready
How to do it…
How it works…
There's more...
See also
Enhancing an SELinux policy with file transitions
Getting ready
How to do it…
How it works…
Finding the right search pattern
Patterns
There's more...
See also
Setting resource-sensitivity labels
How to do it…
How it works…
Full policy replacement
Ranged daemon domain
Constraints
See also
Configuring sensitivity categories
Getting ready
How to do it…
How it works…
The mcstrans and setrans.conf files
SELinux users and Linux user mappings
Running Apache with the right context
See also
3. Confining Web Applications
Introduction
Listing conditional policy support
How to do it…
How it works...
See also
Enabling user directory support
Getting ready
How to do it…
How it works...
There's more...
See also
Assigning web content types
How to do it…
How it works
There's more...
Using different web server ports
How to do it…
How it works...
There's more...
See also
Using custom content types
Getting ready
How to do it…
How it works...
There's more...
Creating a custom CGI domain
How to do it…
How it works...
Setting up mod_selinux
How to do it…
How it works...
See also
Starting Apache with limited clearance
How to do it…
How it works...
There's more...
Mapping HTTP users to contexts
How to do it…
How it works...
Using source address mapping to decide on contexts
How to do it…
How it works...
There's more...
See also
Separating virtual hosts with mod_selinux
How to do it…
How it works...
See also
4. Creating a Desktop Application Policy
Introduction
Researching the application's logical design
How to do it…
How it works…
Files and directories
Network resources
Processes
Hardware and kernel resources
Creating a skeleton policy
How to do it…
How it works…
Type declarations
Managing files and directories
X11 and shared memory
The network access
There's more...
See also
Setting context definitions
How to do it…
How it works…
Defining application role interfaces
How to do it…
How it works…
There's more...
Testing and enhancing the policy
How to do it…
How it works…
Ignoring permissions we don't need
How to do it…
How it works…
Creating application resource interfaces
How to do it…
How it works…
Adding conditional policy rules
How to do it…
How it works…
There's more...
Adding build-time policy decisions
How to do it…
How it works…
There's more...
5. Creating a Server Policy
Introduction
Understanding the service
How to do it…
How it works…
Online research
Sandbox environment
The structural documentation
See also
Choosing resource types wisely
How to do it…
How it works…
Domain definitions
Logical resources
Infrastructural resources
Differentiating policies based on use cases
How to do it…
How it works…
Creating resource-access interfaces
How to do it…
How it works…
Creating exec, run, and transition interfaces
How to do it…
How it works…
See also
Creating a stream-connect interface
How to do it…
For a Unix domain socket with a socket file
For an abstract Unix domain socket
How it works…
Creating the administrative interface
How to do it…
How it works…
See also
6. Setting Up Separate Roles
Introduction
Managing SELinux users
How to do it…
How it works…
There's more...
Mapping Linux users to SELinux users
How to do it…
How it works…
Running commands in a specified role with sudo
How to do it…
How it works…
See also
Running commands in a specified role with runcon
How to do it…
How it works…
Switching roles
How to do it…
How it works…
Creating a new role
How to do it…
How it works…
Defining a role in the policy
Extending the role privileges
Default types and default contexts
Initial role based on entry
How to do it…
How it works…
Defining role transitions
How to do it…
How it works…
Looking into access privileges
How to do it…
How it works…
Direct access inspection
Policy manipulation
Indirect access
7. Choosing the Confinement Level
Introduction
Finding common resources
How to do it…
How it works…
Shared file locations
User content and customizable types
There's more...
Defining common helper domains
How to do it…
How it works…
Documenting common privileges
How to do it…
How it works…
Granting privileges to all clients
How to do it…
How it works…
Creating a generic application domain
...

SELinux Cookbook by Sven Vermeulen is available in PDF and/or ePUB format, alongside other books in Computer Science & Computer Networking.