Adding constraints to the rules - practice
In this article we will practice modifying the constraint in the base module for the myapp_se program. First you take the type myapp_se_tmp_t into the mcs_constrained_type group, add the following statements to myapp_se.te file:
require { attribute mcs_constrained_type; }
typeattribute myapp_se_tmp_t mcs_constrained_type;
Then rebuild and reinstall the module myapp_se.
Next we create a base.conf file. Change to /etc/selinux/omarine/src/policy directory and switch to permissive mode, as the root user:
cd /etc/selinux/omarine/src/policy
setenforce 0
Generate the base.conf file. It is exactly the original file of the base source policy module:
make base
Next modify the base.conf file as shown in the previous article.
Now create the binary module file base.mod:
checkmodule -M -U allow base.conf -o base.mod
Create new base policy package base.pp:
semodule_package -o base.pp -m base.mod -f base.fc
Finally install the new base policy package base.pp as usual, then return to enforcing mode:
semodule -i base.pp
setenforce 1
Now root can no longer read /tmp/myapp_se.123456 file
Of course this only really makes sense when you adjust the policy to disallow root to switch to permissive mode. Then the permissive mode is only available when booting with the kernel command line parameter or modifying the configuration file /etc/selinux/config.
Can't see mail in Inbox? Check your Spam folder.
Comments
Judi Online 4 years ago
I have read so many posts concerning the blogger lovers except this
Link | Replyarticle is really a pleasant piece of writing, keep it up.
Annitype 4 years ago
Try the new google patents, with machine-classified google scholar results, and japanese and south korean patents. Publication number US20090196858 A1...
Link | Reply<a href=http://anoxia.info/fluid-in-lungs-symptoms-causes-treatment-surgery>brain anoxia treatment</a>
Disparador de crisis (convulsiГіn) - wikipedia, la enciclopedia libre hypoxia and anoxia
Judi Online 4 years ago
Hi it's me, I am also visiting this site daily, this web page is in fact
Link | Replynice and the people are in fact sharing pleasant thoughts.
phong kham phu khoa 4 years ago
Hi my name is Calvin. Few days ago. i published a article about the best
Link | Replygynecological clinic address in Hanoi. Hope you read
and feedback your review to me. Tks. Here is my article link: http://bit.ly/2STmuTE
Сialis 4 years ago
I think this is among the most significant information for me.
Link | ReplyAnd i'm glad reading your article. But want to remark on some general things,
The website style is great, the articles is really great :
D. Good job, cheers
Yollolom 4 years ago
Oh no you don't Rex, you can't get off that easy. Giving a nice speech does not exonerate you from the failures of your actions as Secretary of State.
Link | Reply<a href=http://gaselectricity.in/vale-of-leven-ex-pats-gas-symptoms>leven</a>
Test drive results 2018 toyota rav4 hybrid electric suv - electric car design consultants, green living expert, guru gastronomia y cia
kolkata escorts 2 years, 1 month ago
Hi, i think that i saw you visited my site so i came to “return the favor”.I'm attempting to find things to enhance my website!I
Link | Replysuppose its ok to use some of your ideas!!
Pham Thanh Tuyen 1 year, 10 months ago
You are welcome!
Link | Replykolkata escorts 2 years, 1 month ago
My developer is trying to persuade me to move to .net from PHP.
Link | ReplyI have always disliked the idea because of the expenses.
But he's tryiong none the less. I've been using Movable-type on a number
of websites for about a year and am concerned about switching to
another platform. I have heard fantastic things about blogengine.net.
Is there a way I can import all my wordpress posts into it?
Any kind of help would be really appreciated!
kolkata escorts 2 years, 1 month ago
I have been browsing online more than 3 hours today, yet I never found any interesting article like yours.
Link | ReplyIt's pretty worth enough for me. Personally, if all webmasters and bloggers made good content as you did,
the web will be much more useful than ever before.
call girls in kolkata 2 years, 1 month ago
Hi! I've been reading your site for a while now and finally got the courage
Link | Replyto go ahead and give you a shout out from Kingwood Tx!
Just wanted to say keep up the excellent job!
kolkata escorts 2 years, 1 month ago
I was suggested this website by my cousin. I'm not sure whether this post
Link | Replyis written by him as no one else know such detailed about
my trouble. You're incredible! Thanks!
Pham Thanh Tuyen 1 year, 10 months ago
What's interesting here is not about me, but the open source community. I just write.
Link | Replynauka czeskiego online 2 years, 1 month ago
You are so awesome! I do not think I've read anything like that before.
Link | ReplySo great to find somebody with unique thoughts on this subject matter.
Really.. many thanks for starting this up.
This site is one thing that is required on the internet, someone with
a little originality!
web page 2 years, 1 month ago
Hello, i read your blog from time to time and i own a similar one and i was
Link | Replyjust curious iff you get a lot of spam feedback?
If so hhow ddo you protect agyainst it, any
plugin or anything you can advise? I gget so much lately it's driving me insane soo any
assistance is very much appreciated.
Medicina deportiva web page cómo bomberar músculo
Pham Thanh Tuyen 1 year, 10 months ago
Use open source instead of black box plugins
Link | Replykolkata escorts 2 years, 1 month ago
I want to to thank you for this fantastic read!! I certainly loved every bit of it.
Link | ReplyI've got you book-marked to check out new things you post…
Hai San Mr D 2 years, 1 month ago
Thanks for sharing your thoughts. I really appreciate your efforts and
Link | ReplyI am waiting for your next post thank you once again.
watch shop fake 2 years, 1 month ago
Big Comparison Is Here: Fake Rolex VS Real
Link | ReplyThe most popular watch models of luxury watch
brands are sold at very high prices. As such, many people are turning to affordable watch alternatives of luxury watch brands.
At this point, a confusion arises. Replica and fake watch confusion … In this article, we will touch on fake Rolex VS real and discuss the curious details.
You can learn the difference between these two types of watches by
reading our article. jf factory
timeshare exit companies reviews 2 years ago
Tһis is a supеrb write-up but I consist of a little sometһing I woᥙld
Link | Replylike to watch with you. Do you need tto have to get out of your timeshare?
We can guidance you uncover the most ѕtraightforward business enterprise on our website!
replica watches 2 years ago
For the reason that the admin of this web page is working, no hesitation very soon it will be renowned, due to its quality
Link | Replycontents.
replica watches 2 years ago
Appreciating the commitment you put into your blog and in depth information you present.
Link | ReplyIt's nice to come across a blog every once in a while that isn't the same outdated rehashed material.
Great read! I've bookmarked your site and I'm including your RSS
feeds to my Google account.
replica watches 2 years ago
Attractive section of content. I just stumbled upon your weblog and
Link | Replyin accession capital to assert that I get in fact enjoyed account your blog posts.
Anyway I will be subscribing to your augment and even I achievement you
access consistently quickly.
replica watches 2 years ago
This article gives clear idea for the new people of
Link | Replyblogging, that genuinely how to do running a blog.
replica watches 2 years ago
Great beat ! I would like to apprentice at the same time as you amend your
Link | Replywebsite, how could i subscribe for a blog web site?
The account helped me a appropriate deal. I were tiny bit
acquainted of this your broadcast provided vivid transparent idea
New Comment