SELinux with omarine policy: An in-depth look at the security policy - secure program with its own domain: Part 4


Building and installing module myapp
We are ready to build module myapp and insert it into the policy. Run this command to build the module:

make -f /usr/share/selinux/omarine/include/Makefile myapp.pp

The result is the policy package myapp.pp. Now insert it into the policy with the semodule command, as the root user:

semodule -i myapp.pp

Designing module myapp_perm to grant permissions to use the domain myapp_t
The myapp_perm module simply consists of a myapp_perm.te file, as follows:


require {
    type staff_t;
    role staff_r;
}

This module calls the interface myapp_run of module myapp to allow domain staff_t to transition to domain myapp_t, with the staff_r role, when the myapp binary is executed. It also allows domain staff_t to read the log files of the myapp program.
Our goal is to allow the default user in Omarine, i.e. staff_u, to run the myapp program from its user domain, staff_t. The process then transitions to the domain myapp_t.
Building and installing the myapp_perm module works the same way as for myapp.
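
A complete myapp_perm.te matching the description above, written here as an added example and not the author's own file. Assumptions: the policy_module version number, the interface name myapp_read_log (hypothetical; use whatever log-reading interface myapp.if actually defines), and that myapp.if is visible to the build, for example in the same directory.

```selinux
# myapp_perm.te - grants staff_t the right to use the myapp_t domain.
# Version number is an assumption; bump it whenever the module changes.
policy_module(myapp_perm, 1.0.0)

# Symbols defined elsewhere in the policy that this module refers to.
require {
    type staff_t;
    role staff_r;
}

# Allow staff_t to execute the myapp binary and transition to myapp_t,
# and authorize role staff_r for the myapp_t domain. Without the role
# authorization the transition is denied even if the type rules allow it.
myapp_run(staff_t, staff_r)

# Allow staff_t to read myapp's log files.
# Hypothetical interface name: replace with the one declared in myapp.if.
myapp_read_log(staff_t)
```

Following the page's build steps, this module would be built as myapp_perm.pp with the same Makefile and inserted with semodule -i myapp_perm.pp as root, after myapp itself is installed.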
