10-11-2014
Apply SeLinux policy to *nix device files
If its possible to apply SELinux policies to unix device files, would that be a problem?
I would like to apply a policy to a process and enforce what it can communicate with device-wise (eg. physical network interface port) based on that policy.
Would think that the "selinux-policy-mls" tool could give me that level of segmentation with SELinux?
Thoughts/suggestions?
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
:)Transformation logic on column values in two different files,
File A
12345,000,4444, HKD3.5
12346,000,5555, HKD3.5
File B
12345,4444,54321,6666
12346,5555, 64321,7777
12347,5555, 65321,8888
Requirement as below
1.read file A
2. match with File B ie
if (fileA.column1... (1 Reply)
Discussion started by: HAA
1 Replies
2. UNIX for Dummies Questions & Answers
Hi,
Does anyone know if it is possible to override the GID which files have when they are created in a specific folder?
I want the given GID for the folder to apply to the new files created in the folder, no matter what group the owner of the files have...
I have tried sticky bits but doesn't... (1 Reply)
Discussion started by: linge
1 Replies
3. Linux
Hello all!
I am trying to enable SELinux on bootup for my supported kernel
2.6.26.8.tex1
I am running PCLinuxOS 2009 Beta 2 which is based on Mandriva/Mandrake
From my reading, I know that I am able to set SELinux to boot (preferably in passive mode) however this would still 'change' my... (2 Replies)
Discussion started by: septima.pars
2 Replies
4. Shell Programming and Scripting
Hi all,
Can you please help me in this aspect. I devoloped a FTP script to copy a directory to remote server. Now i got stuck-up in changing the file permissions for all the files in directory. I tried to change the permissions of single file and I did it but failed in changing... (3 Replies)
Discussion started by: Chanakya.m
3 Replies
5. Shell Programming and Scripting
I have say 100 text files (with .txt extension) in a directory.
An example of the content in the file is given below
"NAME"
"cgd1_200"
"cgd1_3210"
"cgd1_560"
"cgd2_2760"
"cgd2_290"
"cgd3_3210"
"cgd3_3310"
"cgd3_660"
"cgd5_2130"
"cgd5_4080"
"cgd6_3690"
"cgd6_4480"
"cgd8_1540"... (2 Replies)
Discussion started by: Lucky Ali
2 Replies
6. Shell Programming and Scripting
Hi All,
I am using the awk command to replace ',' by '\t' (tabs) in a csv file. I would like to apply this to all .csv files in a directory and create .txt files with the tabs.
How would I do this in a script?
I have the following script called "csvtabs":
awk 'BEGIN {
FS... (4 Replies)
Discussion started by: ScKaSx
4 Replies
7. Shell Programming and Scripting
I need to apply mp3gain (album mode) to all mp3 files in a given directory. Each album is in its own directory under /media/data/music/albums for example:
/media/data/music/albums/foo
/media/data/music/albums/bar
/media/data/music/albums/more
What needs to happen is:
cd... (4 Replies)
Discussion started by: audiophile
4 Replies
8. Shell Programming and Scripting
Hey gyuz,
I wanna calculate the number of mapped reads of a bam file in a region of interest. I used this code to do so :
samtools view input.bam chrname:region1 > region1.txt
This will store all the reads from given bam file within the region of interest in region1.txt
Now I have... (5 Replies)
Discussion started by: @man
5 Replies
9. Shell Programming and Scripting
Hi all:
i need to run a rather simple command-line argument:
head -200 input > output
However, I need to do it on several files, all in the same directory.
Is this possible? (2 Replies)
Discussion started by: owwow14
2 Replies
10. Shell Programming and Scripting
Hi all!
I have this command
grep -E '^\To: |^\Date: |^\Subject: ' fileA.txt > fileA_1.txt && grep -v '^\To: |^\Date: |^\Subject: ' fileA.txt >> fileA_1.txt && rm fileA.txt && sed -i -e 's/\(Date: \|Subject: \|To: \)//g' fileA_1.txtHow do I apply it to all the files in the folder (each file has a... (7 Replies)
Discussion started by: guilliber
7 Replies
LEARN ABOUT LINUX
checkpolicy
CHECKPOLICY(8) System Manager's Manual CHECKPOLICY(8)
NAME
checkpolicy - SELinux policy compiler
SYNOPSIS
checkpolicy [-b] [-d] [-M] [-c policyvers] [-o output_file] [input_file]
DESCRIPTION
This manual page describes the checkpolicy command.
checkpolicy is a program that checks and compiles a SELinux security policy configuration into a binary representation that can be loaded
into the kernel. If no input file name is specified, checkpolicy will attempt to read from policy.conf or policy, depending on whether the
-b flag is specified.
OPTIONS
-b,--binary
Read an existing binary policy file rather than a source policy.conf file.
-d,--debug
Enter debug mode after loading the policy.
-M,--mls
Enable the MLS policy when checking and compiling the policy.
-o,--output filename
Write a binary policy file to the specified filename.
-c policyvers
Specify the policy version, defaults to the latest.
-t,--target
Specify the target platform (selinux or xen).
-U,--handle-unknown <action>
Specify how the kernel should handle unknown classes or permissions (deny, allow or reject).
-V,--version
Show version information.
-h,--help
Show usage information.
SEE ALSO
SELinux documentation at http://www.nsa.gov/selinux, especially "Configuring the SELinux Policy".
AUTHOR
This manual page was written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>, and edited by Stephen Smalley <sds@epoch.ncsc.mil>. The program
was written by Stephen Smalley <sds@epoch.ncsc.mil>.
CHECKPOLICY(8)