Documentation


Viewing posts for the category Omarine User's Manual

SELinux with omarine policy: An in-depth look at the security policy – secure program with its own domain: Part 9

Using audit2allow to generate rules

audit2allow is a utility that generates rules from logs of denied operations. It suggests rules that would allow those operations to succeed. To see the suggested rules, run the following command as the root user:

SELinux with omarine policy: SELinux User Capabilities

Unlike Linux users, each of which has a specific name such as tho or emin, an SELinux user is a group of users that have the same capabilities in terms of security context. For example, the standard SELinux user is user_u, and the administration staff user is staff_u. By convention, SELinux user names usually end with _u. As a special case, the Linux root user still corresponds to root in SELinux. The SELinux user name is the first part of the security context.

SELinux with omarine policy: An in-depth look at the security policy – secure program with its own domain: Part 8

Adding constraints to the rules - practice

SELinux with omarine policy: An in-depth look at the security policy – secure program with its own domain: Part 7

Adding constraints to the rules

SELinux with omarine policy: An in-depth look at the security policy – secure program with its own domain: Part 6

Transitioning domain directly by designing SELinux-aware program