SELinux with omarine policy: An in-depth look at the security policy – secure program with its own domain: Part 2

File myapp.if: myapp.if has three interfaces: myapp_domtrans is used to perform a domain transition. myapp_run is used to perform a domain transition and assign a role. myapp_read_log is used to read the log files. The content of the file myapp.if is as follows: ## <summary>Myapp example policy</summary> ## <desc> ## <p> ## More descriptive text about myapp. The desc ## tag … Continue reading SELinux with omarine policy: An in-depth look at the security policy – secure program with its own domain: Part 2

SELinux with omarine policy: An in-depth look at the security policy – secure program with its own domain: Part 1

A program running in its own domain is secure because we can design it so that only it can access its data and no user (even root) can run the program except those whose use is allowed by policy. The security policy is very strong and no application can interfere because it is controlled directly from the … Continue reading SELinux with omarine policy: An in-depth look at the security policy – secure program with its own domain: Part 1

SELinux: kernel: The steps for security checking a program before it runs and the corresponding security rules

All programs are checked for security before running. In more detail, whenever the execve() function (or one of its front-end functions) is called to execute a program, the kernel conducts a check of permissions. It does that by using hook functions installed with execve(). The execve() function is defined in the fs/exec.c file of the kernel source code. … Continue reading SELinux: kernel: The steps for security checking a program before it runs and the corresponding security rules