|
Index- access vector rule
- syntax,
TE Rules - Access Vectors
- access vectors,
TE Rules - Access Vectors
- activating your subscription,
Activate Your Subscription
- analysis
- see tools
- see policy analysis
- dumping or viewing the logs,
Dump and View Logs
- dumping or viewing the policy,
Dump or View Policy
- logs,
Controlling and Maintaining SELinux
- analyzing
- kernel audit message,
Enable Kernel Auditing
- macros,
How To Backtrack a Rule
- apol
- how to use,
Using apol for Policy Analysis
- architecture
- SELinux,
SELinux Architectural Overview
- archiving files and directories,
Make Backups or Archives That Retain Security Contexts
- assuming a new role or type
- how to,
Assume a New Role
- attribute declaration
- syntax,
TE Rules - Attributes
- attributes,
TE Rules - Attributes
- auditing
- how to enable kernel auditing,
Enable Kernel Auditing
- AV
- see access vectors
- AVC statistics
- how to view,
Viewing AVC Statistics
- avc: denied
- explained,
Understanding an avc: denied Message
- troubleshooting,
Troubleshoot User Problems With SELinux
- CGI scripts
- how to run from a mounted directory,
Specifying the Security Context of Entire File Systems
- changing a Boolean
- how to,
Change a Boolean Setting
- changing the policy
- how to,
Change the Policy
- checking status
- how to,
View the Status of SELinux
- checkpolicy
- how to use,
What Happens During Policy Build
- command line tools
- avcstat,
Viewing AVC Statistics,
Information Gathering Tools
- checkpolicy,
What Happens During Policy Build
- enabling or disabling enforcement,
Enable or Disable Enforcement
- newrole,
Assume a New Role
- runcon,
Run a Command in a Specified Security Context
- seinfo,
Information Gathering Tools
- sesearch,
Information Gathering Tools
- sestatus,
View the Status of SELinux
- setting Booleans,
Change a Boolean Setting
- useful for shell scripts,
Useful Commands for Scripts
- commands with SELinux options
- cp,
Move or Copy Files
- id,
Check the Security Context of a Process, User, or File Object
- ls,
Check the Security Context of a Process, User, or File Object
- mount,
Specifying the Security Context of Entire File Systems
- mv,
Move or Copy Files
- ps,
Check the Security Context of a Process, User, or File Object
- compiling
- SELinux,
Compiling SELinux Policy
- compiling policy
- how to,
Policy Compile Procedure
- constraints,
TE Rules - Constraints
- controlling SELinux,
Controlling and Maintaining SELinux
- administrators,
Administrator Control of SELinux
- analysts,
Enable Kernel Auditing
- end users,
End User Control of SELinux
- conventions
- document,
Document Conventions
- cp command
- using with SELinux,
Move or Copy Files
- customizing policy
- how to,
Customizing and Writing Policy
- DAC
- definition,
Brief Background and History of SELinux
- definition of
- DAC,
Brief Background and History of SELinux
- MAC,
Brief Background and History of SELinux
- object classes,
Object Classes and Permissions
- permissions,
Object Classes and Permissions
- targeted policy,
What is the Targeted Policy?
- direct information flow
- see information flow
- directories
- policy files and directories,
Files and Directories of the Targeted Policy
- directories for SELinux
- what are,
Conventions for SELinux Directories and Files
- where are,
Where is the Policy?
- directory access
- how to,
Grant Access to a Directory or a Tree
- directory presentation,
Conventions for SELinux Directories and Files
- disable
- enforcement,
Enable or Disable Enforcement
- SELinux,
Enable or Disable Enforcement
- SELinux protection of a daemon,
Enable or Disable Enforcement
- discretionary access control
- see DAC
- documentation references
- see references
- domain transition analysis,
Domain Transition Analysis
- domains
- attributes,
TE Rules - Attributes
- dhcpd,
Policy Types - dhcpd
- domain transition analysis,
Domain Transition Analysis
- dumping logs
- how to,
Dump and View Logs
- dumping policy
- how to,
Dump or View Policy
- enable
- enforcement,
Enable or Disable Enforcement
- kernel auditing,
Enable Kernel Auditing
- SELinux,
Enable or Disable Enforcement
- SELinux protection of a daemon,
Enable or Disable Enforcement
- end users
- controlling and maintaining SELinux,
End User Control of SELinux
- troubleshooting user problems,
Troubleshoot User Problems With SELinux
- example
- file contexts files,
Understanding the File Contexts Files
- network declaration,
Files and Directories of the Targeted Policy
- role allow,
SELinux Roles
- role declaration,
SELinux Roles
- history
- SELinux,
Brief Background and History of SELinux
- how to
- administrator tasks,
Administrator Control of SELinux
- analyze a macro,
How To Backtrack a Rule
- archive files and directories,
Make Backups or Archives That Retain Security Contexts
- assume a new role or type,
Assume a New Role
- backtrack a rule,
How To Backtrack a Rule
- backup files,
Make Backups or Archives That Retain Security Contexts
- change a Boolean setting,
Change a Boolean Setting
- change the policy,
Change the Policy
- compile policy,
Policy Compile Procedure
- dump or view logs,
Dump and View Logs
- dump or view policy,
Dump or View Policy
- enable kernel auditing,
Enable Kernel Auditing
- enable or disable enforcement,
Enable or Disable Enforcement
- enable or disable SELinux protection of a daemon,
Enable or Disable Enforcement
- end user tasks,
End User Control of SELinux
- grant access to a directory,
Grant Access to a Directory or a Tree
- install a policy package,
Load a Policy
- know when to compile,
Policy Compile Procedure
- know when to reboot,
When to Reboot
- load a binary policy,
Load a Policy
- manage NFS home directories,
Managing NFS Home Directories
- performance tune,
Performance Tuning
- relabel a file or directory,
Relabel a File or Directory's Security Context
- relabel a file system,
Relabel a File System
- run a CGI script,
Specifying the Security Context of Entire File Systems
- run a command in a specified context,
Run a Command in a Specified Security Context
- run a different policy,
Change the Policy
- serve Web content from a mounted directory,
Specifying the Security Context of Entire File Systems
- set context for a file system,
Specifying the Security Context of Entire File Systems
- troubleshoot SELinux,
Troubleshoot User Problems With SELinux
- use apol,
Using apol for Policy Analysis
- use checkpolicy,
What Happens During Policy Build
- use seaudit,
Using seaudit for Audit Log Analysis
- validate a policy,
What Happens During Policy Build
- view AVC statistics,
Viewing AVC Statistics
- view SELinux status,
View the Status of SELinux
- write new policy for a daemon,
Writing New Policy for a Daemon
- labeling,
File System Security Contexts
- mountpoint labeling,
File System Security Contexts
- setting label option on mount,
File System Security Contexts
- single label for entire file system,
File System Security Contexts
- links
- see references
- Linux Security Modules
- see LSM
- loading a binary policy
- how to,
Load a Policy
- log
- analysis,
Controlling and Maintaining SELinux
- ls command
- using with SELinux,
Check the Security Context of a Process, User, or File Object
- LSM
- and SELinux,
SELinux, an Implementation of Flask,
Brief Background and History of SELinux
- m4
- see macros
- MAC
- definition,
Brief Background and History of SELinux
- macro
- analysis,
How To Backtrack a Rule
- macro usage
- example,
Policy Macros
- macros,
Policy Macros
- common,
Common Macros in the Targeted Policy
- maintaining SELinux,
Controlling and Maintaining SELinux
- administrators,
Administrator Control of SELinux
- end users,
End User Control of SELinux
- making a directory accessible
- how to,
Grant Access to a Directory or a Tree
- mandatory access control
- see MAC
- MLS
- MAC,
SELinux Architectural Overview
- mount options
- genfs labeling,
File System Security Contexts
- mounting file systems
- and security labeling,
File System Security Contexts
- mountpoint labeling,
File System Security Contexts
- multi-level security
- see MLS
- mv command
- using with SELinux,
Move or Copy Files
- performance tuning,
Tools for Manipulating and Analyzing SELinux
- how to,
Performance Tuning
- permissions
- common sets,
Object Classes and Permissions
- definition,
Object Classes and Permissions
- policy
- boot,
Policy Role in Boot
- files and directories,
Where is the Policy?
- how it works,
SELinux Policy Overview
- internal functions,
SELinux Policy Overview
- overview,
SELinux Policy Overview
- targeted,
Targeted Policy Overview
- required packages,
SELinux Policy Overview
- system start-up
- see boot
- writing policy,
Writing New Policy for a Daemon
- policy analysis
- direct information flow,
Direct and Transitive Information Flow
- domain transition analysis,
Domain Transition Analysis
- policy components,
Policy Component Analysis
- TE rule analysis,
TE Rule Analysis
- TE rules,
Policy Component Analysis
- tools
- apol,
Using apol for Policy Analysis
- seaudit,
Using seaudit for Audit Log Analysis
- policy and
- roles,
SELinux Users and Roles
- users,
SELinux Users and Roles
- policy build
- what is,
What Happens During Policy Build
- prerequisite knowledge,
Prerequisites for This Guide
- ps command
- using with SELinux,
Check the Security Context of a Process, User, or File Object
- rebooting
- how to know when to reboot,
When to Reboot
- references,
References
- Flask,
References
- NSA,
References
- SELinux,
References
- registering your subscription,
Activate Your Subscription
- relabeling
- entire file systems,
Relabel a File System
- files or directories,
Relabel a File or Directory's Security Context
- roles,
SELinux Users and Roles
- assuming a new role,
Assume a New Role
- targeted policy members,
Understanding the Roles and Users in the Targeted Policy
- roles and user
- targeted policy,
Understanding the Roles and Users in the Targeted Policy
- rule analysis
- see TE rule analysis
- running a command in a specific context
- how to,
Run a Command in a Specified Security Context
- running a different policy
- how to,
Change the Policy
- seaudit
- how to use,
Using seaudit for Audit Log Analysis
- security contexts
- and the kernel,
Security Contexts and the Kernel
- file systems,
File System Security Contexts
- security types
- dhcpd,
Policy Types - dhcpd
- security.selinux,
File System Security Contexts
- SELinux
- see explained
- and Flask,
SELinux, an Implementation of Flask
- and LSM,
SELinux, an Implementation of Flask
- architecture,
SELinux Architectural Overview
- compiling,
Compiling SELinux Policy
- control methods,
Controlling and Maintaining SELinux
- documentation references
- see references
- history of,
Brief Background and History of SELinux
- maintenance,
Controlling and Maintaining SELinux
- tools,
Tools for Manipulating and Analyzing SELinux
- what is,
What Is SELinux?
- SELinux files and directories,
Files and Directories of the Targeted Policy
- what are,
Conventions for SELinux Directories and Files
- SELinux status
- how to,
View the Status of SELinux
- selinuxfs file system,
Special Interfaces and File Systems
- setting the context for a file system
- how to,
Specifying the Security Context of Entire File Systems
- shell scripts
- enabling or disabling SELinux,
Enable or Disable Enforcement
- useful commands,
Useful Commands for Scripts
- start-up
- see boot
- start-up procedure
- see boot
- subscription registration,
Activate Your Subscription
- summary
- policy,
SELinux Policy Overview
- syntax
- access vector rule,
TE Rules - Access Vectors
- attribute declaration,
TE Rules - Attributes
- avc: denied message,
Understanding an avc: denied Message
- constraint,
TE Rules - Constraints
- file context description,
Understanding the File Contexts Files
- network declaration,
Files and Directories of the Targeted Policy
- neverallow rule,
TE Rules - Access Vectors
- object class access vector definitions,
Object Classes and Permissions
- object class sets,
Object Classes and Permissions
- role allow,
SELinux Roles
- role declaration,
SELinux Roles
- type declaration,
TE Rules - Types
- type transition,
TE Rules - Types
- system administrators
- controlling and maintaining SELinux,
Administrator Control of SELinux
- targeted policy
- common macros,
Common Macros in the Targeted Policy
- defined,
What is the Targeted Policy?
- roles and users,
Understanding the Roles and Users in the Targeted Policy
- TE rule analysis,
TE Rule Analysis
- tools
- for users,
Controlling and Maintaining SELinux
- SELinux,
Tools for Manipulating and Analyzing SELinux
- transition analysis
- see domain transition analysis
- transitive information flow
- see information flow
- troubleshooting SELinux
- how to,
Troubleshoot User Problems With SELinux
- tunables
- AVC cache threshold,
Performance Tuning
- type declarations,
TE Rules - Types
- syntax,
TE Rules - Types
- Type Enforcement
- access vectors,
TE Rules - Access Vectors
- type transition
- syntax,
TE Rules - Types
- types
- assuming a new type,
Assume a New Role
- attributes,
TE Rules - Attributes
- Web content
- how to serve from a mounted directory,
Specifying the Security Context of Entire File Systems
- what are
- access vectors,
TE Rules - Access Vectors
- administrator tasks,
Administrator Control of SELinux
- attributes,
TE Rules - Attributes
- directories for SELinux,
Conventions for SELinux Directories and Files
- end user tasks,
End User Control of SELinux
- file labels,
File System Security Contexts
- files and directories used by SELinux,
Files and Directories of the Targeted Policy
- macros,
Policy Macros
- object classes,
Object Classes and Permissions
- roles,
SELinux Users and Roles
- security contexts,
File System Security Contexts
- security labels,
File System Security Contexts
- types,
TE Rules - Types
- users,
SELinux Users and Roles
- what happens
- during policy build,
What Happens During Policy Build
- what is
- $SELINUX_POLICY/,
Conventions for SELinux Directories and Files
- $SELINUX_SRC/,
Conventions for SELinux Directories and Files
- avc: denied,
Understanding an avc: denied Message
- labeling,
File System Security Contexts
- mountpoint labeling,
File System Security Contexts
- policy,
SELinux Policy Overview
- policy build,
What Happens During Policy Build
- policy role in boot,
Policy Role in Boot
- SELinux,
What Is SELinux?
- selinuxfs file system,
Special Interfaces and File Systems
- targeted policy,
What is the Targeted Policy?
- the architecture of SELinux,
Flask Security Architecture and SELinux
- what you should know,
Prerequisites for This Guide
- when to
- compile,
Policy Compile Procedure
- reboot,
When to Reboot
- where are
- files and directories for SELinux,
Where is the Policy?
- writing policy
- how to,
Customizing and Writing Policy
|
|