Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

NOTE: CentOS Enterprise Linux is built from the Red Hat Enterprise Linux source code. Other than logo and name changes CentOS Enterprise Linux is compatible with the equivalent Red Hat version. This document applies equally to both Red Hat and CentOS Enterprise Linux.
Red Hat Enterprise Linux 4: Red Hat SELinux Guide
Prev Next

Index

Symbols

$SELINUX_POLICY/
what is, Conventions for SELinux Directories and Files
$SELINUX_SRC/
what is, Conventions for SELinux Directories and Files

A

access vector rule
syntax, TE Rules - Access Vectors
access vectors, TE Rules - Access Vectors
activating your subscription, Activate Your Subscription
analysis
see tools
see policy analysis
dumping or viewing the logs, Dump and View Logs
dumping or viewing the policy, Dump or View Policy
logs, Controlling and Maintaining SELinux
analyzing
kernel audit message, Enable Kernel Auditing
macros, How To Backtrack a Rule
apol
how to use, Using apol for Policy Analysis
architecture
SELinux, SELinux Architectural Overview
archiving files and directories, Make Backups or Archives That Retain Security Contexts
assuming a new role or type
how to, Assume a New Role
attribute declaration
syntax, TE Rules - Attributes
attributes, TE Rules - Attributes
auditing
how to enable kernel auditing, Enable Kernel Auditing
AV
see access vectors
AVC statistics
how to view, Viewing AVC Statistics
avc: denied
explained, Understanding an avc: denied Message
troubleshooting, Troubleshoot User Problems With SELinux

B

background
SELinux, Brief Background and History of SELinux
backing up files
see archiving files and directories
backtracking a rule
how to, How To Backtrack a Rule
Booleans
command line tools, Change a Boolean Setting
explained, Files and Directories of the Targeted Policy
how to change, Change a Boolean Setting
settings, Files and Directories of the Targeted Policy
boot
policy role in, Policy Role in Boot
building
see compiling
building policy
how to, Compiling SELinux Policy
what is, What Happens During Policy Build

C

CGI scripts
how to run from a mounted directory, Specifying the Security Context of Entire File Systems
changing a Boolean
how to, Change a Boolean Setting
changing the policy
how to, Change the Policy
checking status
how to, View the Status of SELinux
checkpolicy
how to use, What Happens During Policy Build
command line tools
avcstat, Viewing AVC Statistics, Information Gathering Tools
checkpolicy, What Happens During Policy Build
enabling or disabling enforcement, Enable or Disable Enforcement
newrole, Assume a New Role
runcon, Run a Command in a Specified Security Context
seinfo, Information Gathering Tools
sesearch, Information Gathering Tools
sestatus, View the Status of SELinux
setting Booleans, Change a Boolean Setting
useful for shell scripts, Useful Commands for Scripts
commands with SELinux options
cp, Move or Copy Files
id, Check the Security Context of a Process, User, or File Object
ls, Check the Security Context of a Process, User, or File Object
mount, Specifying the Security Context of Entire File Systems
mv, Move or Copy Files
ps, Check the Security Context of a Process, User, or File Object
compiling
SELinux, Compiling SELinux Policy
compiling policy
how to, Policy Compile Procedure
constraints, TE Rules - Constraints
controlling SELinux, Controlling and Maintaining SELinux
administrators, Administrator Control of SELinux
analysts, Enable Kernel Auditing
end users, End User Control of SELinux
conventions
document, Document Conventions
cp command
using with SELinux, Move or Copy Files
customizing policy
how to, Customizing and Writing Policy

D

DAC
definition, Brief Background and History of SELinux
definition of
DAC, Brief Background and History of SELinux
MAC, Brief Background and History of SELinux
object classes, Object Classes and Permissions
permissions, Object Classes and Permissions
targeted policy, What is the Targeted Policy?
direct information flow
see information flow
directories
policy files and directories, Files and Directories of the Targeted Policy
directories for SELinux
what are, Conventions for SELinux Directories and Files
where are, Where is the Policy?
directory access
how to, Grant Access to a Directory or a Tree
directory presentation, Conventions for SELinux Directories and Files
disable
enforcement, Enable or Disable Enforcement
SELinux, Enable or Disable Enforcement
SELinux protection of a daemon, Enable or Disable Enforcement
discretionary access control
see DAC
documentation references
see references
domain transition analysis, Domain Transition Analysis
domains
attributes, TE Rules - Attributes
dhcpd, Policy Types - dhcpd
domain transition analysis, Domain Transition Analysis
dumping logs
how to, Dump and View Logs
dumping policy
how to, Dump or View Policy

E

enable
enforcement, Enable or Disable Enforcement
kernel auditing, Enable Kernel Auditing
SELinux, Enable or Disable Enforcement
SELinux protection of a daemon, Enable or Disable Enforcement
end users
controlling and maintaining SELinux, End User Control of SELinux
troubleshooting user problems, Troubleshoot User Problems With SELinux
example
file contexts files, Understanding the File Contexts Files
network declaration, Files and Directories of the Targeted Policy
role allow, SELinux Roles
role declaration, SELinux Roles

F

file content description
syntax, Understanding the File Contexts Files
file contexts files
example, Understanding the File Contexts Files
files
policy files and directories, Files and Directories of the Targeted Policy
where are SELinux files, Where is the Policy?
Flask, Brief Background and History of SELinux
documentation references
see references
Flask security architecture
and SELinux, Flask Security Architecture and SELinux, SELinux, an Implementation of Flask
further reading
see references

G

genfs labeling, File System Security Contexts
granting access to a directory
how to, Grant Access to a Directory or a Tree
GUI tools
apol, Using apol for Policy Analysis
seaudit, Using seaudit for Audit Log Analysis

H

history
SELinux, Brief Background and History of SELinux
how to
administrator tasks, Administrator Control of SELinux
analyze a macro, How To Backtrack a Rule
archive files and directories, Make Backups or Archives That Retain Security Contexts
assume a new role or type, Assume a New Role
backtrack a rule, How To Backtrack a Rule
backup files, Make Backups or Archives That Retain Security Contexts
change a Boolean setting, Change a Boolean Setting
change the policy, Change the Policy
compile policy, Policy Compile Procedure
dump or view logs, Dump and View Logs
dump or view policy, Dump or View Policy
enable kernel auditing, Enable Kernel Auditing
enable or disable enforcement, Enable or Disable Enforcement
enable or disable SELinux protection of a daemon, Enable or Disable Enforcement
end user tasks, End User Control of SELinux
grant access to a directory, Grant Access to a Directory or a Tree
install a policy package, Load a Policy
know when to compile, Policy Compile Procedure
know when to reboot, When to Reboot
load a binary policy, Load a Policy
manage NFS home directories, Managing NFS Home Directories
performance tune, Performance Tuning
relabel a file or directory, Relabel a File or Directory's Security Context
relabel a file system, Relabel a File System
run a CGI script, Specifying the Security Context of Entire File Systems
run a command in a specified context, Run a Command in a Specified Security Context
run a different policy, Change the Policy
serve Web content from a mounted directory, Specifying the Security Context of Entire File Systems
set context for a file system, Specifying the Security Context of Entire File Systems
troubleshoot SELinux, Troubleshoot User Problems With SELinux
use apol, Using apol for Policy Analysis
use checkpolicy, What Happens During Policy Build
use seaudit, Using seaudit for Audit Log Analysis
validate a policy, What Happens During Policy Build
view AVC statistics, Viewing AVC Statistics
view SELinux status, View the Status of SELinux
write new policy for a daemon, Writing New Policy for a Daemon

I

id command
using with SELinux, Check the Security Context of a Process, User, or File Object
information flow
direct and transitive, Direct and Transitive Information Flow
installing a policy package
how to, Load a Policy
interfaces
see kernel
introduction, Introduction to the Red Hat SELinux Guide

K

kernel
hooks and security contexts, Security Contexts and the Kernel
interfaces, Special Interfaces and File Systems

L

labeling, File System Security Contexts
mountpoint labeling, File System Security Contexts
setting label option on mount, File System Security Contexts
single label for entire file system, File System Security Contexts
links
see references
Linux Security Modules
see LSM
loading a binary policy
how to, Load a Policy
log
analysis, Controlling and Maintaining SELinux
ls command
using with SELinux, Check the Security Context of a Process, User, or File Object
LSM
and SELinux, SELinux, an Implementation of Flask, Brief Background and History of SELinux

M

m4
see macros
MAC
definition, Brief Background and History of SELinux
macro
analysis, How To Backtrack a Rule
macro usage
example, Policy Macros
macros, Policy Macros
common, Common Macros in the Targeted Policy
maintaining SELinux, Controlling and Maintaining SELinux
administrators, Administrator Control of SELinux
end users, End User Control of SELinux
making a directory accessible
how to, Grant Access to a Directory or a Tree
mandatory access control
see MAC
MLS
MAC, SELinux Architectural Overview
mount options
genfs labeling, File System Security Contexts
mounting file systems
and security labeling, File System Security Contexts
mountpoint labeling, File System Security Contexts
multi-level security
see MLS
mv command
using with SELinux, Move or Copy Files

N

network declaration
example, Files and Directories of the Targeted Policy
syntax, Files and Directories of the Targeted Policy
neverallow rule
syntax, TE Rules - Access Vectors
NFS home directories
how to manage, Managing NFS Home Directories
NSA
documentation references
see references

O

object class access vector definitions
syntax, Object Classes and Permissions
object class sets
syntax, Object Classes and Permissions
object classes
definition, Object Classes and Permissions

P

performance tuning, Tools for Manipulating and Analyzing SELinux
how to, Performance Tuning
permissions
common sets, Object Classes and Permissions
definition, Object Classes and Permissions
policy
boot, Policy Role in Boot
files and directories, Where is the Policy?
how it works, SELinux Policy Overview
internal functions, SELinux Policy Overview
overview, SELinux Policy Overview
targeted, Targeted Policy Overview
required packages, SELinux Policy Overview
system start-up
see boot
writing policy, Writing New Policy for a Daemon
policy analysis
direct information flow, Direct and Transitive Information Flow
domain transition analysis, Domain Transition Analysis
policy components, Policy Component Analysis
TE rule analysis, TE Rule Analysis
TE rules, Policy Component Analysis
tools
apol, Using apol for Policy Analysis
seaudit, Using seaudit for Audit Log Analysis
policy and
roles, SELinux Users and Roles
users, SELinux Users and Roles
policy build
what is, What Happens During Policy Build
prerequisite knowledge, Prerequisites for This Guide
ps command
using with SELinux, Check the Security Context of a Process, User, or File Object

R

rebooting
how to know when to reboot, When to Reboot
references, References
Flask, References
NSA, References
SELinux, References
registering your subscription, Activate Your Subscription
relabeling
entire file systems, Relabel a File System
files or directories, Relabel a File or Directory's Security Context
roles, SELinux Users and Roles
assuming a new role, Assume a New Role
targeted policy members, Understanding the Roles and Users in the Targeted Policy
roles and user
targeted policy, Understanding the Roles and Users in the Targeted Policy
rule analysis
see TE rule analysis
running a command in a specific context
how to, Run a Command in a Specified Security Context
running a different policy
how to, Change the Policy

S

seaudit
how to use, Using seaudit for Audit Log Analysis
security contexts
and the kernel, Security Contexts and the Kernel
file systems, File System Security Contexts
security types
dhcpd, Policy Types - dhcpd
security.selinux, File System Security Contexts
SELinux
see explained
and Flask, SELinux, an Implementation of Flask
and LSM, SELinux, an Implementation of Flask
architecture, SELinux Architectural Overview
compiling, Compiling SELinux Policy
control methods, Controlling and Maintaining SELinux
documentation references
see references
history of, Brief Background and History of SELinux
maintenance, Controlling and Maintaining SELinux
tools, Tools for Manipulating and Analyzing SELinux
what is, What Is SELinux?
SELinux files and directories, Files and Directories of the Targeted Policy
what are, Conventions for SELinux Directories and Files
SELinux status
how to, View the Status of SELinux
selinuxfs file system, Special Interfaces and File Systems
setting the context for a file system
how to, Specifying the Security Context of Entire File Systems
shell scripts
enabling or disabling SELinux, Enable or Disable Enforcement
useful commands, Useful Commands for Scripts
start-up
see boot
start-up procedure
see boot
subscription registration, Activate Your Subscription
summary
policy, SELinux Policy Overview
syntax
access vector rule, TE Rules - Access Vectors
attribute declaration, TE Rules - Attributes
avc: denied message, Understanding an avc: denied Message
constraint, TE Rules - Constraints
file context description, Understanding the File Contexts Files
network declaration, Files and Directories of the Targeted Policy
neverallow rule, TE Rules - Access Vectors
object class access vector definitions, Object Classes and Permissions
object class sets, Object Classes and Permissions
role allow, SELinux Roles
role declaration, SELinux Roles
type declaration, TE Rules - Types
type transition, TE Rules - Types
system administrators
controlling and maintaining SELinux, Administrator Control of SELinux

T

targeted policy
common macros, Common Macros in the Targeted Policy
defined, What is the Targeted Policy?
roles and users, Understanding the Roles and Users in the Targeted Policy
TE rule analysis, TE Rule Analysis
tools
for users, Controlling and Maintaining SELinux
SELinux, Tools for Manipulating and Analyzing SELinux
transition analysis
see domain transition analysis
transitive information flow
see information flow
troubleshooting SELinux
how to, Troubleshoot User Problems With SELinux
tunables
AVC cache threshold, Performance Tuning
type declarations, TE Rules - Types
syntax, TE Rules - Types
Type Enforcement
access vectors, TE Rules - Access Vectors
type transition
syntax, TE Rules - Types
types
assuming a new type, Assume a New Role
attributes, TE Rules - Attributes

U

URLs
see references
users, SELinux Users and Roles, End User Control of SELinux
see also end users
$SELINUX_SRC/users file explained, Understanding the Roles and Users in the Targeted Policy
using seaudit, Using seaudit for Audit Log Analysis
arranging views, Arranging Your Views in seaudit
basic filters, Arranging Your Views in seaudit

V

validating a policy
how to, What Happens During Policy Build
viewing
AVC statistics, Viewing AVC Statistics
logs, Dump and View Logs
policy, Dump or View Policy

W

Web content
how to serve from a mounted directory, Specifying the Security Context of Entire File Systems
what are
access vectors, TE Rules - Access Vectors
administrator tasks, Administrator Control of SELinux
attributes, TE Rules - Attributes
directories for SELinux, Conventions for SELinux Directories and Files
end user tasks, End User Control of SELinux
file labels, File System Security Contexts
files and directories used by SELinux, Files and Directories of the Targeted Policy
macros, Policy Macros
object classes, Object Classes and Permissions
roles, SELinux Users and Roles
security contexts, File System Security Contexts
security labels, File System Security Contexts
types, TE Rules - Types
users, SELinux Users and Roles
what happens
during policy build, What Happens During Policy Build
what is
$SELINUX_POLICY/, Conventions for SELinux Directories and Files
$SELINUX_SRC/, Conventions for SELinux Directories and Files
avc: denied, Understanding an avc: denied Message
labeling, File System Security Contexts
mountpoint labeling, File System Security Contexts
policy, SELinux Policy Overview
policy build, What Happens During Policy Build
policy role in boot, Policy Role in Boot
SELinux, What Is SELinux?
selinuxfs file system, Special Interfaces and File Systems
targeted policy, What is the Targeted Policy?
the architecture of SELinux, Flask Security Architecture and SELinux
what you should know, Prerequisites for This Guide
when to
compile, Policy Compile Procedure
reboot, When to Reboot
where are
files and directories for SELinux, Where is the Policy?
writing policy
how to, Customizing and Writing Policy

X

xattr
holding security context labels, File System Security Contexts
Prev Home Next
Brief Background and History of SELinux   Colophon

 
 
  Published under the terms of the GNU General Public License Design by Interspire