http://www.selinuxproject.org/w/?title=ConfigurationFiles&action=history&feed=atom ConfigurationFiles - Revision history 2024-03-28T23:36:36Z Revision history for this page on the wiki MediaWiki 1.23.13 http://www.selinuxproject.org/w/?title=ConfigurationFiles&diff=1724&oldid=prev RichardHaines at 15:06, 8 December 2014 2014-12-08T15:06:31Z <p></p> <a href="http://www.selinuxproject.org/w/?title=ConfigurationFiles&amp;diff=1724&amp;oldid=921">Show changes</a> RichardHaines http://www.selinuxproject.org/w/?title=ConfigurationFiles&diff=921&oldid=prev RichardHaines: /* SELinux Configuration Files */ 2010-05-12T13:58:00Z <p>‎<span dir="auto"><span class="autocomment">SELinux Configuration Files</span></span></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td> <td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 13:58, 12 May 2010</td> </tr><tr><td colspan="2" class="diff-lineno">Line 2:</td> <td colspan="2" class="diff-lineno">Line 2:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>This section explains each SELinux configuration file with its format, example content and where applicable, any supporting SELinux command or library API function names where the appropriate man(3) pages should be consulted regarding their use). 
&#160;</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>This section explains each SELinux configuration file with its format, example content and where applicable, any supporting SELinux command or library API function names where the appropriate man(3) pages should be consulted regarding their use). &#160;</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Note: Configuration file names and content have changed over the various releases of SELinux, this section defines those seen in the Fedora <del class="diffchange diffchange-inline">10 </del>release when building custom and Reference Policy policies.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Note: Configuration file names and content have changed over the various releases of SELinux, this section defines those seen in the Fedora <ins class="diffchange diffchange-inline">12 </ins>release when building custom and Reference Policy 
policies.</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>This Section classifies the types of configuration file used in SELinux as follows:</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>This Section classifies the types of configuration file used in SELinux as follows:</div></td></tr> <tr><td colspan="2" class="diff-lineno">Line 48:</td> <td colspan="2" class="diff-lineno">Line 48:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>** seusers File</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>** seusers File</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; 
color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>** setrans.conf File</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>** setrans.conf File</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">** secolor.conf File</ins></div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>** &lt;nowiki&gt;policy/policy[ver] File&lt;/nowiki&gt;</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>** &lt;nowiki&gt;policy/policy[ver] File&lt;/nowiki&gt;</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>** contexts/customizable_types File</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: 
#e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>** contexts/customizable_types File</div></td></tr> <tr><td colspan="2" class="diff-lineno">Line 59:</td> <td colspan="2" class="diff-lineno">Line 60:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>** contexts/securetty_types File</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>** contexts/securetty_types File</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>** contexts/userhelper_context File</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>** contexts/userhelper_context File</div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">** contexts/virtual_domain_context File</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; 
vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">** contexts/virtual_image_context File</ins></div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>** contexts/x_contexts File</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>** contexts/x_contexts File</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>** contexts/files/file_contexts File</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>** contexts/files/file_contexts File</div></td></tr> </table> RichardHaines http://www.selinuxproject.org/w/?title=ConfigurationFiles&diff=915&oldid=prev RichardHaines at 16:33, 16 March 2010 2010-03-16T16:33:07Z <p></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td> <td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 16:33, 16 March 2010</td> </tr><tr><td colspan="2" 
class="diff-lineno">Line 6:</td> <td colspan="2" class="diff-lineno">Line 6:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>This Section classifies the types of configuration file used in SELinux as follows:</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>This Section classifies the types of configuration file used in SELinux as follows:</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* Global Configuration files that affect the active policy and their supporting SELinux-aware applications, utilities or commands. 
These can be located in /etc/selinux or other places depending on the application.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* Global Configuration files that affect the active policy and their supporting SELinux-aware applications, utilities or commands. These can be located in <ins class="diffchange diffchange-inline">&lt;tt&gt;</ins>/etc/selinux<ins class="diffchange diffchange-inline">&lt;/tt&gt; </ins>or other places depending on the application.</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* Files specific to a named policy configuration that are located at &lt;<del class="diffchange diffchange-inline">nowiki</del>&gt;/etc/selinux/&lt;policy_name&gt;&lt;/<del class="diffchange diffchange-inline">nowiki</del>&gt;, where &lt;<del class="diffchange diffchange-inline">nowiki</del>&gt;&lt;policy_name&gt;&lt;/<del class="diffchange diffchange-inline">nowiki</del>&gt; is the name given in the SELINUXTYPE= entry of the /etc/selinux/config file. 
The files in this area are split into two main sections:</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* Files specific to a named policy configuration that are located at &lt;<ins class="diffchange diffchange-inline">tt</ins>&gt;/etc/selinux/&lt;policy_name&gt;&lt;/<ins class="diffchange diffchange-inline">tt</ins>&gt;, where &lt;<ins class="diffchange diffchange-inline">tt</ins>&gt;&lt;policy_name&gt;&lt;/<ins class="diffchange diffchange-inline">tt</ins>&gt; is the name given in the <ins class="diffchange diffchange-inline">&lt;tt&gt;</ins>SELINUXTYPE=<ins class="diffchange diffchange-inline">&lt;/tt&gt; </ins>entry of the <ins class="diffchange diffchange-inline">&lt;tt&gt;</ins>/etc/selinux/config<ins class="diffchange diffchange-inline">&lt;/tt&gt; </ins>file. The files in this area are split into two main sections:</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>** The Policy Store Configuration files that are 'private'<del class="diffchange diffchange-inline">[Ref 1]</del>and managed by the semanage(8) and semodule(8) commands <del class="diffchange diffchange-inline">[Ref 2]</del>. These are located in the &lt;<del class="diffchange diffchange-inline">nowiki</del>&gt;/etc/selinux/&lt;policy_name&gt;/module&lt;/<del class="diffchange diffchange-inline">nowiki</del>&gt; set of directories. These are used to build the majority of the Policy Configuration files. 
&#160;</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>** The Policy Store Configuration files that are 'private'<ins class="diffchange diffchange-inline">&lt;ref name=&quot;ref1&quot;&gt;They should NOT be edited as together they describe the 'policy'.&lt;/ref&gt; </ins>and managed by the <ins class="diffchange diffchange-inline">&lt;tt&gt;</ins>semanage(8)<ins class="diffchange diffchange-inline">&lt;/tt&gt; </ins>and <ins class="diffchange diffchange-inline">&lt;tt&gt;</ins>semodule(8)<ins class="diffchange diffchange-inline">&lt;/tt&gt; </ins>commands<ins class="diffchange diffchange-inline">&lt;ref name=&quot;ref2&quot;&gt;The &lt;tt&gt;system-config-selinux&lt;/tt&gt; GUI (supplied in the polycoreutils-gui rpm) can also be used to manage users, booleans and the general configuration of SELinux as it calls semanage, however it does not manage all that the semanage command can (it also gets bitter &amp; twisted if there are no MCS/MLS labels on some operations).&lt;/ref&gt;</ins>. These are located in the &lt;<ins class="diffchange diffchange-inline">tt</ins>&gt;/etc/selinux/&lt;policy_name&gt;/module&lt;/<ins class="diffchange diffchange-inline">tt</ins>&gt; set of directories. These are used to build the majority of the Policy Configuration files. &#160;</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>** The Policy Configuration files that are used when the policy is activated <del class="diffchange diffchange-inline">[Ref 3]</del>. 
The majority of these files are now managed via the Policy Store and should not be edited directly, however others are specific to SELinux-aware applications and have no configuration utilities (e.g. debus and X-Windows context files).</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>** The Policy Configuration files that are used when the policy is activated<ins class="diffchange diffchange-inline">&lt;ref name=&quot;ref3&quot;&gt;The 'active policy' is pointed to by an entry in the &lt;tt&gt;/etc/selinux/config&lt;/tt&gt; file discussed in the &lt;tt&gt;/etc/selinux/config&lt;/tt&gt; file section.&lt;/ref&gt;</ins>. The majority of these files are now managed via the Policy Store and should not be edited directly, however others are specific to SELinux-aware applications and have no configuration utilities (e.g. debus and X-Windows context files).</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* SELinux Kernel Configuration files that are located under the /selinux directory and reflect the current configuration of SELinux and the active policy. This area is used extensively by the libselinux library for user space object managers and other SELinux-aware applications. These files and directories should not be updated by users (the majority are read only anyway), however they can be read to check various configuration parameters. 
ToDO - Put in link to these when I've done them.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* SELinux Kernel Configuration files that are located under the <ins class="diffchange diffchange-inline">&lt;tt&gt;</ins>/selinux<ins class="diffchange diffchange-inline">&lt;/tt&gt; </ins>directory and reflect the current configuration of SELinux and the active policy. This area is used extensively by the <ins class="diffchange diffchange-inline">&lt;tt&gt;</ins>libselinux<ins class="diffchange diffchange-inline">&lt;/tt&gt; </ins>library for user space object managers and other SELinux-aware applications. These files and directories should not be updated by users (the majority are read only anyway), however they can be read to check various configuration parameters. ToDO - Put in link to these when I've done them.</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>Whenever possible the appropriate SELinux application should be used to manage all of these configuration files.</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: 
#333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>Whenever possible the appropriate SELinux application should be used to manage all of these configuration files.</div></td></tr> <tr><td colspan="2" class="diff-lineno">Line 66:</td> <td colspan="2" class="diff-lineno">Line 66:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>** &lt;nowiki&gt;contexts/users/[seuser_id] File&lt;/nowiki&gt;</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>** &lt;nowiki&gt;contexts/users/[seuser_id] File&lt;/nowiki&gt;</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">ToDo - Find out how to put in footnotes correctly !!!!</del></div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; 
border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">&lt;references</ins>/<ins class="diffchange diffchange-inline">&gt;</ins></div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* [Ref 1] - They should NOT be edited as together they describe the 'policy'.</del></div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div></div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">* [Ref 2] - The system-config-selinux GUI (supplied in the polycoreutils-gui rpm) can also be used to manage users, booleans and the general configuration of SELinux as it calls semanage, however it does not manage all that the semanage command can (it also gets bitter &amp; twisted if there are no MCS</del>/<del class="diffchange diffchange-inline">MLS labels on some operations).</del></div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div></div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del 
class="diffchange diffchange-inline">* [Ref 3] - The 'active policy' is pointed to by an entry in the /etc/selinux/config file discussed in the /etc/selinux/config file section.</del></div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div></div></td></tr> </table> RichardHaines http://www.selinuxproject.org/w/?title=ConfigurationFiles&diff=858&oldid=prev RichardHaines: /* Policy Configuration Files */ 2009-12-02T13:39:05Z <p>‎<span dir="auto"><span class="autocomment">Policy Configuration Files</span></span></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td> <td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 13:39, 2 December 2009</td> </tr><tr><td colspan="2" class="diff-lineno">Line 45:</td> <td colspan="2" class="diff-lineno">Line 45:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: 
pre-wrap;"><div>== Policy Configuration Files ==</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== Policy Configuration Files ==</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>* The following files are described in the [[PolicyConfigurationFiles|<del class="diffchange diffchange-inline">PolicyConfiguration </del>Files]] section:</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>* The following files are described in the [[PolicyConfigurationFiles|<ins class="diffchange diffchange-inline">Policy Configuration </ins>Files]] section:</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>** seusers File</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>** seusers File</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>** setrans.conf File</div></td><td 
class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>** setrans.conf File</div></td></tr> </table> RichardHaines http://www.selinuxproject.org/w/?title=ConfigurationFiles&diff=857&oldid=prev RichardHaines at 13:37, 2 December 2009 2009-12-02T13:37:56Z <p></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td> <td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 13:37, 2 December 2009</td> </tr><tr><td colspan="2" class="diff-lineno">Line 1:</td> <td colspan="2" class="diff-lineno">Line 1:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>= SELinux Configuration Files =</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>= SELinux Configuration Files =</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">== Introduction ==</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>&#160;</td><td 
style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>This section explains each SELinux configuration file with its format, example content and where applicable, any supporting SELinux command or library API function names where the appropriate man(3) pages should be consulted regarding their use). &#160;</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>This section explains each SELinux configuration file with its format, example content and where applicable, any supporting SELinux command or library API function names where the appropriate man(3) pages should be consulted regarding their use). &#160;</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td colspan="2" class="diff-lineno">Line 67:</td> <td colspan="2" class="diff-lineno">Line 66:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>** &lt;nowiki&gt;contexts/users/[seuser_id] File&lt;/nowiki&gt;</div></td><td class='diff-marker'>&#160;</td><td 
style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>** &lt;nowiki&gt;contexts/users/[seuser_id] File&lt;/nowiki&gt;</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>&#160;</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">ToDo - Find out how to put in footnotes correctly !!!!</ins></div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* [Ref 1] - They should NOT be edited as together they describe the 'policy'.</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* [Ref 1] - 
They should NOT be edited as together they describe the 'policy'.</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* [Ref 2] - The system-config-selinux GUI (supplied in the polycoreutils-gui rpm) can also be used to manage users, booleans and the general configuration of SELinux as it calls semanage, however it does not manage all that the semanage command can (it also gets bitter &amp; twisted if there are no MCS/MLS labels on some operations).</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* [Ref 2] - The system-config-selinux GUI (supplied in the polycoreutils-gui rpm) can also be used to manage users, booleans and the general configuration of SELinux as it calls semanage, however it does not manage all that the semanage command can (it also gets bitter &amp; twisted if there are no MCS/MLS labels on some operations).</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* [Ref 3] - The 'active policy' is pointed to by an entry in the /etc/selinux/config file discussed in the /etc/selinux/config file section.</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>* [Ref 3] - The 'active policy' is pointed to by 
an entry in the /etc/selinux/config file discussed in the /etc/selinux/config file section.</div></td></tr> </table> RichardHaines http://www.selinuxproject.org/w/?title=ConfigurationFiles&diff=856&oldid=prev RichardHaines: New page: = SELinux Configuration Files = == Introduction == This section explains each SELinux configuration file with its format, example content and where applicable, any supporting SELinux comma... 2009-12-02T13:36:01Z <p>New page: = SELinux Configuration Files = == Introduction == This section explains each SELinux configuration file with its format, example content and where applicable, any supporting SELinux comma...</p> <p><b>New page</b></p><div>= SELinux Configuration Files =<br /> == Introduction ==<br /> This section explains each SELinux configuration file with its format, example content and, where applicable, any supporting SELinux command or library API function names (the appropriate man(3) pages should be consulted regarding their use). <br /> <br /> Note: Configuration file names and content have changed over the various releases of SELinux; this section defines those seen in the Fedora 10 release when building custom and Reference Policy policies.<br /> <br /> This section classifies the types of configuration file used in SELinux as follows:<br /> <br /> * Global Configuration files that affect the active policy and their supporting SELinux-aware applications, utilities or commands. These can be located in /etc/selinux or other places depending on the application.<br /> * Files specific to a named policy configuration that are located at &lt;nowiki&gt;/etc/selinux/&lt;policy_name&gt;&lt;/nowiki&gt;, where &lt;nowiki&gt;&lt;policy_name&gt;&lt;/nowiki&gt; is the name given in the SELINUXTYPE= entry of the /etc/selinux/config file. The files in this area are split into two main sections:<br /> ** The Policy Store Configuration files that are 'private' [Ref 1] and managed by the semanage(8) and semodule(8) commands [Ref 2].
These are located in the &lt;nowiki&gt;/etc/selinux/&lt;policy_name&gt;/module&lt;/nowiki&gt; set of directories. These are used to build the majority of the Policy Configuration files. <br /> ** The Policy Configuration files that are used when the policy is activated [Ref 3]. The majority of these files are now managed via the Policy Store and should not be edited directly; however, others are specific to SELinux-aware applications and have no configuration utilities (e.g. dbus and X-Windows context files).<br /> * SELinux Kernel Configuration files that are located under the /selinux directory and reflect the current configuration of SELinux and the active policy. This area is used extensively by the libselinux library for user space object managers and other SELinux-aware applications. These files and directories should not be updated by users (the majority are read-only anyway); however, they can be read to check various configuration parameters. ToDo - Put in link to these when I've done them.<br /> <br /> Whenever possible the appropriate SELinux application should be used to manage all of these configuration files.<br /> <br /> When these configuration files are used to configure a security context and the policy supports MCS / MLS, the appropriate level or range should be added (generally an object like a file has a level, and a user or process (a subject) has a level and range, although directories can have a range if they support polyinstantiation).<br /> <br /> == Global Configuration Files ==<br /> * The following files are described in the [[GlobalConfigurationFiles|Global Configuration Files]] section:<br /> ** /etc/selinux/config File<br /> ** /etc/selinux/semanage.conf File<br /> ** /etc/selinux/restorecond.conf File<br /> ** /etc/sestatus.conf File<br /> ** /etc/security/sepermit.conf File<br /> <br /> == Policy Store Configuration Files ==<br /> * The following files are described in the [[PolicyStoreConfigurationFiles|Policy Store
Configuration Files]] section:<br /> ** base.pp File<br /> ** base.linked File<br /> ** commit_num File<br /> ** file_contexts.template File<br /> ** file_contexts File<br /> ** homedir_template File<br /> ** file_contexts.homedirs File<br /> ** netfilter_contexts &amp; netfilter.local File<br /> ** policy.kern File<br /> ** seusers.final and seusers Files<br /> ** users_extra, users_extra.local and users.local Files<br /> ** booleans.local File<br /> ** file_contexts.local File<br /> ** interfaces.local File<br /> ** nodes.local File<br /> ** ports.local File<br /> ** modules Directory Contents<br /> <br /> == Policy Configuration Files ==<br /> * The following files are described in the [[PolicyConfigurationFiles|Policy Configuration Files]] section:<br /> ** seusers File<br /> ** setrans.conf File<br /> ** &lt;nowiki&gt;policy/policy[ver] File&lt;/nowiki&gt;<br /> ** contexts/customizable_types File<br /> ** contexts/default_contexts File<br /> ** contexts/dbus_contexts File<br /> ** contexts/default_type File<br /> ** contexts/failsafe_context File<br /> ** contexts/initrc_context File<br /> ** contexts/netfilter_contexts File<br /> ** contexts/removable_contexts File<br /> ** contexts/securetty_types File<br /> ** contexts/userhelper_context File<br /> ** contexts/x_contexts File<br /> ** contexts/files/file_contexts File<br /> ** contexts/files/file_contexts.local File<br /> ** contexts/files/file_contexts.homedirs File<br /> ** contexts/files/media File<br /> ** &lt;nowiki&gt;contexts/users/[seuser_id] File&lt;/nowiki&gt;<br /> <br /> <br /> * [Ref 1] - They should NOT be edited as together they describe the 'policy'.<br /> * [Ref 2] - The system-config-selinux GUI (supplied in the policycoreutils-gui rpm) can also be used to manage users, booleans and the general configuration of SELinux as it calls semanage; however, it does not manage all that the semanage command can (it also gets bitter &amp; twisted if there are no MCS/MLS labels on some operations).<br 
/> * [Ref 3] - The 'active policy' is pointed to by an entry in the /etc/selinux/config file discussed in the /etc/selinux/config file section.</div> RichardHaines
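Review bot: the line added at new Line 66 in the 13:37, 2 December 2009 revision, "ToDo - Find out how to put in footnotes correctly !!!!", is an editor's reminder placed in the article body, so it is shown to readers between the contexts/users/[seuser_id] entry and the [Ref 1] to [Ref 3] notes. Suggest keeping the reminder out of the rendered text (the edit summary, which is empty for this revision, or the talk page would hold it) and leaving the blank line that was there before, so the [Ref] list stays visually separated from the file list.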