SELinux with omarine policy: An in-depth look at the security policy – secure program with its own domain: Part 4

Building and installing module myapp

We are ready to build module myapp and insert it into the policy. Run this command to build the module:

make -f /usr/share/selinux/omarine/include/Makefile myapp.pp

The result is the policy package myapp.pp. Now insert it into the policy with the semodule command, as the root user:

semodule -i myapp.pp

Designing module … Continue reading

SELinux with omarine policy: An in-depth look at the security policy – secure program with its own domain: Part 3

File myapp.fc

myapp.fc defines the file security contexts. It has the following content:

/usr/bin/myapp -- gen_context(system_u:object_r:myapp_exec_t,s0)

The /usr/bin/myapp binary will be labeled with a context of type myapp_exec_t when commands such as restorecon or fixfiles are run.

Restoring file context automatically

Omarine by default runs a service that restores file context automatically. It is the restorecond service. However, this service only applies to files … Continue reading

SELinux with omarine policy: An in-depth look at the security policy – secure program with its own domain: Part 2

File myapp.if

myapp.if has three interfaces: myapp_domtrans is used for the domain transition. myapp_run is used for the domain transition and to assign the role. myapp_read_log is used to read the log files. The content of the file myapp.if is as follows:

## <summary>Myapp example policy</summary>
## <desc>
## <p>
## More descriptive text about myapp. The desc
## tag … Continue reading