Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Apply SeLinux policy to *nix device files
Special Forums Cybersecurity Apply SeLinux policy to *nix device files Post 302920682 by NYG71 on Friday 10th of October 2014 11:08:53 PM
Old 10-11-2014
Error Apply SeLinux policy to *nix device files
If its possible to apply SELinux policies to unix device files, would that be a problem?

I would like to apply a policy to a process and enforce what it can communicate with device-wise (eg. physical network interface port) based on that policy.

Would think that the "selinux-policy-mls" tool could give me that level of segmentation with SELinux?

Thoughts/suggestions?
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Apply transformation logic in 2 different files

:)Transformation logic on column values in two different files, File A 12345,000,4444, HKD3.5 12346,000,5555, HKD3.5 File B 12345,4444,54321,6666 12346,5555, 64321,7777 12347,5555, 65321,8888 Requirement as below 1.read file A 2. match with File B ie if (fileA.column1... (1 Reply)
Discussion started by: HAA
1 Replies

2. UNIX for Dummies Questions & Answers

Let GID apply to new files in directory

Hi, Does anyone know if it is possible to override the GID which files have when they are created in a specific folder? I want the given GID for the folder to apply to the new files created in the folder, no matter what group the owner of the files have... I have tried sticky bits but doesn't... (1 Reply)
Discussion started by: linge
1 Replies

3. Linux

SELinux policy compiler errors for 2.6.26.8.tex1

Hello all! I am trying to enable SELinux on bootup for my supported kernel 2.6.26.8.tex1 I am running PCLinuxOS 2009 Beta 2 which is based on Mandriva/Mandrake From my reading, I know that I am able to set SELinux to boot (preferably in passive mode) however this would still 'change' my... (2 Replies)
Discussion started by: septima.pars
2 Replies

4. Shell Programming and Scripting

Apply `chmod` for multiple files through FTP

Hi all, Can you please help me in this aspect. I devoloped a FTP script to copy a directory to remote server. Now i got stuck-up in changing the file permissions for all the files in directory. I tried to change the permissions of single file and I did it but failed in changing... (3 Replies)
Discussion started by: Chanakya.m
3 Replies

5. Shell Programming and Scripting

How to apply a regular expression in all the files in a directory

I have say 100 text files (with .txt extension) in a directory. An example of the content in the file is given below "NAME" "cgd1_200" "cgd1_3210" "cgd1_560" "cgd2_2760" "cgd2_290" "cgd3_3210" "cgd3_3310" "cgd3_660" "cgd5_2130" "cgd5_4080" "cgd6_3690" "cgd6_4480" "cgd8_1540"... (2 Replies)
Discussion started by: Lucky Ali
2 Replies

6. Shell Programming and Scripting

Apply 'awk' to all files in a directory or individual files from a command line

Hi All, I am using the awk command to replace ',' by '\t' (tabs) in a csv file. I would like to apply this to all .csv files in a directory and create .txt files with the tabs. How would I do this in a script? I have the following script called "csvtabs": awk 'BEGIN { FS... (4 Replies)
Discussion started by: ScKaSx
4 Replies

7. Shell Programming and Scripting

help using find/xargs to apply mp3gain to files

I need to apply mp3gain (album mode) to all mp3 files in a given directory. Each album is in its own directory under /media/data/music/albums for example: /media/data/music/albums/foo /media/data/music/albums/bar /media/data/music/albums/more What needs to happen is: cd... (4 Replies)
Discussion started by: audiophile
4 Replies

8. Shell Programming and Scripting

reading information from a table and apply a command on multiple files

Hey gyuz, I wanna calculate the number of mapped reads of a bam file in a region of interest. I used this code to do so : samtools view input.bam chrname:region1 > region1.txt This will store all the reads from given bam file within the region of interest in region1.txt Now I have... (5 Replies)
Discussion started by: @man
5 Replies

9. Shell Programming and Scripting

Apply argument to all files in directory

Hi all: i need to run a rather simple command-line argument: head -200 input > output However, I need to do it on several files, all in the same directory. Is this possible? (2 Replies)
Discussion started by: owwow14
2 Replies

10. Shell Programming and Scripting

Apply command to all files in folder

Hi all! I have this command grep -E '^\To: |^\Date: |^\Subject: ' fileA.txt > fileA_1.txt && grep -v '^\To: |^\Date: |^\Subject: ' fileA.txt >> fileA_1.txt && rm fileA.txt && sed -i -e 's/\(Date: \|Subject: \|To: \)//g' fileA_1.txtHow do I apply it to all the files in the folder (each file has a... (7 Replies)
Discussion started by: guilliber
7 Replies

LEARN ABOUT CENTOS

security_mkload_policy

security_load_policy(3) 				     SELinux API documentation					   security_load_policy(3)

NAME

       security_load_policy - load a new SELinux policy

SYNOPSIS

       #include <selinux/selinux.h>

       int security_load_policy(void *data, size_t len);

       int selinux_mkload_policy(int preservebools);

       int selinux_init_load_policy(int *enforce);

DESCRIPTION

       security_load_policy() loads a new policy, returns 0 for success and -1 for error.

       selinux_mkload_policy()	makes  a  policy  image  and  loads  it.  This	function provides a higher level interface for loading policy than
       security_load_policy(), internally determining the right policy version, locating and opening the policy  file,	mapping  it  into  memory,
       manipulating  it  as  needed for current boolean settings and/or local definitions, and then calling security_load_policy to load it.  pre-
       servebools is a boolean flag indicating whether current policy boolean values should be preserved into the new policy (if 1)  or  reset	to
       the  saved policy settings (if 0). The former case is the default for policy reloads, while the latter case is an option for policy reloads
       but is primarily used for the initial policy load.  selinux_init_load_policy() performs the initial policy load. This  function	determines
       the  desired enforcing mode, sets the enforce argument accordingly for the caller to use, sets the SELinux kernel enforcing status to match
       it, and loads the policy. It also internally handles the initial selinuxfs mount required to perform these actions.

       It should also be noted that after the initial policy load, the SELinux kernel code cannot anymore be disabled and the selinuxfs cannot	be
       unmounted  using a call to security_disable(3).	Therefore, after the initial policy load, the only operational changes are those permitted
       by security_setenforce(3) (i.e. eventually setting the framework in permissive mode rather than in enforcing one).

RETURN VALUE

       Returns zero on success or -1 on error.

AUTHOR

       This manual page has been written by Guido Trentalancia <guido@trentalancia.com>

SEE ALSO

       selinux(8), security_disable(3), setenforce(8)

guido@trentalancia.com						  3 November 2009					   security_load_policy(3)
All times are GMT -4. The time now is 09:03 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy