Chapter 9. Customizing SELinux Policies
Chapter 8 explained the syntax and operation of
the statements that make up the SELinux policy language. This chapter
explains how to customize SELinux policies. It begins by reviewing
the structure of the SELinux policy source tree and the
Makefile that's used to
compile, build, and load an SELinux policy. The chapter then explains
several typical policy customizations of the sort
you're most likely to perform. Most often,
you'll use customizations recommended by the
Audit2allow program. However, you'll need to
carefully review such recommendations rather than blindly implement
them. Otherwise, you may extend an unnecessarily broad set of
permissions, thereby compromising system security. The chapter
concludes with descriptions of some policy management tools, along
with hints and procedures for using them.
|
No comments:
Post a Comment