Apply SeLinux policy to *nix device files


 
10-11-2014

If it's possible to apply SELinux policies to unix device files, would that be a problem?

I would like to apply a policy to a process and enforce what it can communicate with device-wise (e.g. physical network interface port) based on that policy.

Would think that the "selinux-policy-mls" tool could give me that level of segmentation with SELinux?

Thoughts/suggestions?
selinux(8)                SELinux Command Line documentation                selinux(8)

NAME
       SELinux - NSA Security-Enhanced Linux (SELinux)

DESCRIPTION
       NSA Security-Enhanced Linux (SELinux) is an implementation of a flexible mandatory access control architecture in the Linux operating system. The SELinux architecture provides general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement(R), Role-Based Access Control, and Multi-Level Security. Background information and technical documentation about SELinux can be found at http://www.nsa.gov/selinux.

       The /etc/selinux/config configuration file controls whether SELinux is enabled or disabled, and if enabled, whether SELinux operates in permissive mode or enforcing mode. The SELINUX variable may be set to any one of disabled, permissive, or enforcing to select one of these options. The disabled option completely disables the SELinux kernel and application code, leaving the system running without any SELinux protection. The permissive option enables the SELinux code, but causes it to operate in a mode where accesses that would be denied by policy are permitted but audited. The enforcing option enables the SELinux code and causes it to enforce access denials as well as auditing them. Permissive mode may yield a different set of denials than enforcing mode, both because enforcing mode will prevent an operation from proceeding past the first denial and because some application code will fall back to a less privileged mode of operation if denied access.

       The /etc/selinux/config configuration file also controls what policy is active on the system. SELinux allows for multiple policies to be installed on the system, but only one policy may be active at any given time. At present, two kinds of SELinux policy exist: targeted and strict. The targeted policy is designed as a policy where most processes operate without restrictions, and only specific services are placed into distinct security domains that are confined by the policy. For example, the user would run in a completely unconfined domain while the named daemon or apache daemon would run in a specific domain tailored to its operation. The strict policy is designed as a policy where all processes are partitioned into fine-grained security domains and confined by policy. It is anticipated in the future that other policies will be created (Multi-Level Security for example). You can define which policy you will run by setting the SELINUXTYPE environment variable within /etc/selinux/config. The corresponding policy configuration for each such policy must be installed in the /etc/selinux/SELINUXTYPE/ directories.

       A given SELinux policy can be customized further based on a set of compile-time tunable options and a set of runtime policy booleans. system-config-securitylevel allows customization of these booleans and tunables.

       Many domains that are protected by SELinux also include SELinux man pages explaining how to customize their policy.

FILE LABELING
       All files, directories, devices ... have a security context/label associated with them. These contexts are stored in the extended attributes of the file system. Problems with SELinux often arise from the file system being mislabeled. This can be caused by booting the machine with a non-SELinux kernel. If you see an error message containing file_t, that is usually a good indicator that you have a serious problem with file system labeling.

       The best way to relabel the file system is to create the flag file /.autorelabel and reboot. system-config-securitylevel also has this capability. The restorecon/fixfiles commands are also available for relabeling files.

AUTHOR
       This manual page was written by Dan Walsh <dwalsh@redhat.com>.

SEE ALSO
       booleans(8), setsebool(8), selinuxenabled(1), togglesebool(8), restorecon(8), setfiles(8), ftpd_selinux(8), named_selinux(8), rsync_selinux(8), httpd_selinux(8), nfs_selinux(8), samba_selinux(8), kerberos_selinux(8), nis_selinux(8), ypbind_selinux(8)

FILES
       /etc/selinux/config

dwalsh@redhat.com                        29 Apr 2005                        selinux(8)
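
The two checks the manual page describes, written out as an added example that is not part of the original page or of SELinux itself: validating SELINUX and SELINUXTYPE from config text, and picking out paths whose context type is file_t. The function names and sample data are constructed; the label lines assume the "context path" format that `stat -c '%C %n'` prints.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed.

# Print the value assigned to KEY in config text on stdin (last one wins).
selinux_cfg_get() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" |
        tail -n 1
}

# Validate config text on stdin; print "<mode> <policy directory>".
selinux_cfg_check() {
    cfg=$(cat)
    mode=$(printf '%s\n' "$cfg" | selinux_cfg_get SELINUX)
    ptype=$(printf '%s\n' "$cfg" | selinux_cfg_get SELINUXTYPE)
    case $mode in
        enforcing|permissive|disabled) ;;
        *) echo "invalid SELINUX value: '$mode'" >&2; return 1 ;;
    esac
    [ -n "$ptype" ] || { echo "SELINUXTYPE is not set" >&2; return 1; }
    printf '%s /etc/selinux/%s/\n' "$mode" "$ptype"
}

# Read "context path" lines on stdin; print the paths labeled file_t.
find_mislabeled() {
    while read -r ctx path; do
        # A context is user:role:type[:level]. An MLS level can contain
        # colons itself (s0-s15:c0.c1023), so take field 3, not the last.
        ctype=$(printf '%s\n' "$ctx" | cut -d: -f3)
        [ "$ctype" != file_t ] || printf '%s\n' "$path"
    done
}

sample_config() {   # constructed stand-in for /etc/selinux/config
    cat <<'EOF'
# SELINUX=disabled
SELINUX=enforcing
SELINUXTYPE=targeted
EOF
}

sample_labels() {   # constructed, in the format of: stat -c '%C %n' /dev/*
    cat <<'EOF'
system_u:object_r:null_device_t:s0 /dev/null
system_u:object_r:fixed_disk_device_t:s0 /dev/sda
system_u:object_r:file_t:s0-s15:c0.c1023 /dev/example0
system_u:object_r:device_t:s0 /dev/example1
EOF
}

sample_config | selinux_cfg_check
sample_labels | find_mislabeled
```

On a live system the same functions take `selinux_cfg_check < /etc/selinux/config` and `stat -c '%C %n' /dev/* | find_mislabeled`.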