Program myapp

We write the myapp program. The program is simple but smart, and it is enough to describe a new domain with a domain transition, access permissions and private data.
myapp is just a normal program; it does not need to be SELinux-aware.
The program receives user input for a name. The name only accepts letters and spaces. If …

Continue reading SELinux with omarine policy: An in-depth look at the security policy – secure program with its own domain: Part 5
SELinux with omarine policy: An in-depth look at the security policy – secure program with its own domain: Part 4
Building and installing module myapp

We are ready to build module myapp and insert it into the policy. Run this command to build the module:

    make -f /usr/share/selinux/omarine/include/Makefile myapp.pp

The result is the policy package myapp.pp. Now insert it into the policy with the semodule command, as the root user:

    semodule -i myapp.pp

Designing module …

Continue reading SELinux with omarine policy: An in-depth look at the security policy – secure program with its own domain: Part 4
SELinux with omarine policy: An in-depth look at the security policy – secure program with its own domain: Part 3
File myapp.fc

myapp.fc defines the file security contexts. It has the following content:

    /usr/bin/myapp -- gen_context(system_u:object_r:myapp_exec_t,s0)

The /usr/bin/myapp binary will be given a context with the type myapp_exec_t when commands like restorecon or fixfiles are run.

Restoring file context automatically

Omarine by default runs a service that restores file context automatically: the restorecond service. However, this service only applies to files …

Continue reading SELinux with omarine policy: An in-depth look at the security policy – secure program with its own domain: Part 3