7.2 Review of SELinux Policy Syntax

As explained in Chapter 6, an SELinux policy consists of 11 elements, several of which are optional:

classes
    Defines the security object classes recognized by SELinux.

initial_sids
    Defines initial SIDs for important security objects.

access_vectors
    Defines access vectors associated with each security object class.

mls
    Defines MLS configuration (optional).

te_rbac
    Defines type-enforcement and role-based access control configuration.

users
    Defines the user configuration.

constraints
    Defines constraints that the security policy must observe (optional).

initial_sid_contexts
    Defines the security contexts of important security objects.

fs_use
    Defines the method of labeling of filesystem inodes.

genfs_contexts
    Defines security contexts for filesystems lacking persistent labels (optional).

net_contexts
    Defines security contexts for network objects.
The te_rbac element specifies both the role-based access control policies and the type-enforcement policies. Within the element, role-based access control and type-enforcement declarations can be freely intermingled. The following section explains the SELinux type-enforcement declarations.
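A skeletal monolithic policy.conf laid out in the element order listed above, added here as an illustration; it is not an excerpt from this book or from any distributed policy. The class, type, role, user, port and interface names are made up for the illustration, the optional mls element is omitted, and the constraint attribute can_change_process_identity is assumed to be declared in the te_rbac element.

```selinux
# --- classes: object classes the kernel enforces on ---
class security
class process
class filesystem
class file

# --- initial_sids: SIDs for objects that exist before policy load ---
sid kernel
sid security
sid unlabeled

# --- access_vectors: permissions defined per class ---
class process { fork transition sigchld setexec }
class filesystem { mount remount unmount getattr relabelfrom relabelto transition associate }
class file { ioctl read write create getattr setattr execute unlink link rename }

# --- te_rbac: types, roles and allow rules may be intermingled ---
attribute domain;
attribute can_change_process_identity;
type kernel_t, domain;
type fs_t;
type proc_t;
role system_r types kernel_t;
allow kernel_t self:process { fork sigchld };
allow kernel_t fs_t:filesystem { mount unmount getattr };

# --- users: which roles each SELinux user may take ---
user system_u roles { system_r };

# --- constraints: invariants that allow rules alone cannot express ---
# A domain transition may change the user identity only if the
# source type carries the can_change_process_identity attribute.
constrain process transition ( u1 == u2 or t1 == can_change_process_identity );

# --- initial_sid_contexts: labels for the initial SIDs declared above ---
sid kernel    system_u:system_r:kernel_t
sid security  system_u:object_r:fs_t
sid unlabeled system_u:object_r:fs_t

# --- fs_use: how inodes on each filesystem type are labeled ---
fs_use_xattr ext3 system_u:object_r:fs_t;     # labels stored in xattrs
fs_use_task  pipefs system_u:object_r:fs_t;   # label derived from creating task
fs_use_trans devpts system_u:object_r:fs_t;   # label derived by transition rule

# --- genfs_contexts: filesystems without persistent labels ---
genfscon proc / system_u:object_r:proc_t

# --- net_contexts: ports, interfaces and nodes ---
portcon tcp 80 system_u:object_r:fs_t
netifcon eth0 system_u:object_r:fs_t system_u:object_r:fs_t
nodecon 127.0.0.1 255.255.255.255 system_u:object_r:fs_t
```

The example reuses the single object type fs_t for every object label purely to stay short; a real policy declares a distinct type per port, interface and node so that allow rules can discriminate between them.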