File myapp.fc

myapp.fc defines the file security contexts. It has the following content:

/usr/bin/myapp -- gen_context(system_u:object_r:myapp_exec_t,s0)

The /usr/bin/myapp binary will be given a context with the type myapp_exec_t when commands like restorecon or fixfiles are run.

Restoring file context automatically

Omarine by default runs a service that restores file context automatically: the restorecond service. However, this service only applies to files …

Continue reading SELinux with omarine policy: An in-depth look at the security policy – secure program with its own domain: Part 3
SELinux with omarine policy: An in-depth look at the security policy – secure program with its own domain: Part 2
File myapp.if

myapp.if has three interfaces: myapp_domtrans is used to transition domain. myapp_run is used to transition domain and assign role. myapp_read_log is used to read the log files. The content of the file myapp.if is as follows:

## <summary>Myapp example policy</summary>
## <desc>
## <p>
## More descriptive text about myapp. The desc
## tag …

Continue reading SELinux with omarine policy: An in-depth look at the security policy – secure program with its own domain: Part 2
SELinux with omarine policy: An in-depth look at the security policy – secure program with its own domain: Part 1
A program running in its own domain is secure because we can design the policy so that only the program can access its data and no user (not even root) can run the program except those whose use is allowed by policy. The security policy is very strong and no application can interfere because it is controlled directly from the …

Continue reading SELinux with omarine policy: An in-depth look at the security policy – secure program with its own domain: Part 1