ADIOS Project
SELinux
Currently you need to download the selinux optional component which contains the
uml_root_fs filesystem.
Files
/etc/selinux/src/policy - the policy source directory
- getfattr - get extended file attributes
- chcon - change security context
Policy source directory
- /etc/selinux (Debian)
- /etc/security/selinux/src/policy
context=adios:user_r:user_t
- identity adios has role and domain
- domains sysdam_t, init_t, named_t
domain applies to a process while type appliies to objects such as files, directories,
sockets, etc
role determines what domains can be used
- in order to allow a user from the user_t domain to execute the passwd command
- role user_r types user_passwd_t
Policies are a set of rules governing:
- roles a user has access to
- which roles can enter which domains
- which domains can access which types
Installing
cd /etc/security/selinux/src/policy
make load
make relabel
/etc/fstab
none /selinux selinuxfs noauto
0 0
/etc/pam.d/login
session required pam_selinux.so
newrole -r role