Documentos de Académico
Documentos de Profesional
Documentos de Cultura
What Is SELinux?
A security feature of the inu! kernel "riginally de#elo$ed %y the &'A (nitially used to secure ser#ices All system o%)ects *files, $orts, $rocesses+ are la%eled ,he $olicy defines the rules that affect ho- #arious system o%)ects can interact -ith each other
getenforce*/+, setenforce*/+ 23 o$tion to ls*1+ and $s*1+ chcon*/+, restorecon*/+, setfiles*/+ getse%ool*/+, setse%ool*/+, togglese%ool*/+
.!am$les
getenforce setenforce 0 ls 23 $s 2e3 chcon 2t tm$4t tem$dir restorecon 1#ar1---1html1inde!.html getse%ool 2a setse%ool htt$d4ena%le4homedirs 1
Introducing li s!linux
li%selinu! $ro#ides run2time su$$ort li%selinu!2de#el re6uired for %uilding '. inu! $rograms 7include 8selinu!1selinu!.h9 gcc 2o $rogram $rogram.c 2lselinu!
7include 8selinu!1selinu!.h9 7include 8selinu!1a#c.h9 7include 8selinu!1conte!t.h9 7include 8selinu!1flask.h9 7include 8selinu!1get4conte!t4list.h9 7include 8selinu!1la%el.h9
setfilecon*char :$ath, security4conte!t4t conte!t+ fsetfilecon*int fd, security4conte!t4t conte!t+ lsetfilecon*char :$ath, security4conte!t4tconte!t+ getfscreatecon*security4conte!t4t :conte!t+ setfscreatecon*security4conte!t4t conte!t+
7include 8selinu!1conte!t.h9
Con#ersion to security4conte!t4t
conte!t4user4get*conte!t4t ct4conte!t+ conte!t4role4get*conte!t4t ct4conte!t+ conte!t4ty$e4get*conte!t4t ct4conte!t+ conte!t4range4get*conte!t4t ct4conte!t+ conte!t4user4set*conte!t4t ct4conte!t, char :user+ conte!t4role4set*conte!t4t ct4conte!t, char :role+ conte!t4ty$e4set*conte!t4t ct4conte!t, char :ty$e+ conte!t4range4set*conte!t4t ct4conte!t, char :range+
setcon*security4conte!t4t :conte!t+ sete!eccon*security4conte!t4t :conte!t+ 'ets the '. inu! conte!t for the ne!t $rocess created -ith the e!ec#e*2+ system call
security4get4%oolean4$ending*char :%ool4name+
'et the #alue of a %oolean security4set4 %oolean*char :%ool4name, int #alue+ Commit all $ending %oolean changes security4commit4%ooleans*+
A structure -ith t-o fields; char :name, int #alue security4set4%oolean4list*si?e4t n%ools, '. %oolean :%oolean4list, int $ermanent+
Red Hat 'ummit 2010 2 '. inu! for Mere Mortals, ,homas Cameron and 0an @alsh Red Hat 'ummit 2010 2 &ot Aour GrandfatherBs '. inu!, 0an @alsh
htt$;11---.redhat.com1training1courses1rhsC2D