Difference between revisions of "FileStatements"
Latest revision as of 13:03, 28 January 2015
File System Labeling Statements
There are four types of file labeling statements, fs_use_xattr, fs_use_task, fs_use_trans and genfscon, which are explained below.
The filesystem identifiers (fs_name) used by these statements are defined by the SELinux teams responsible for their development; the policy writer then uses those that the policy needs to support.
Each of these filesystem labeling statements defines a security context; therefore, if the policy supports MCS / MLS, an mls_range is required, as described in the MLS range Definition section.
fs_use_xattr
The fs_use_xattr statement is used to allocate a security context to filesystems that support the extended attribute security.selinux. The labeling is persistent for filesystems that support these extended attributes, and the security context is added to these files (and directories) by SELinux commands such as setfiles, as explained in the Labeling Extended Attribute Filesystems section.
The statement definition is:
fs_use_xattr fs_name fs_context;
Where:
fs_use_xattr | The fs_use_xattr keyword.
fs_name | The filesystem name that supports extended attributes. Example names are: encfs, ext2, ext3, ext4, ext4dev, gfs, gfs2, jffs2, jfs, lustre and xfs.
fs_context | The security context allocated to the filesystem.
The statement is valid in:
Monolithic Policy | Base Policy | Module Policy
Yes | Yes | No
if Statement | optional Statement | require Statement
No | No | No
Example:
# These statements define file systems that support extended attributes (security.selinux).
fs_use_xattr encfs system_u:object_r:fs_t:s0;
fs_use_xattr ext2 system_u:object_r:fs_t:s0;
fs_use_xattr ext3 system_u:object_r:fs_t:s0;
fs_use_task
The fs_use_task statement is used to allocate a security context to pseudo filesystems that support task related services such as pipes and sockets.
The statement definition is:
fs_use_task fs_name fs_context;
Where:
fs_use_task | The fs_use_task keyword.
fs_name | Filesystem name that supports task related services. Example valid names are: eventpollfs, pipefs and sockfs.
fs_context | The security context allocated to the task based filesystem.
The statement is valid in:
Monolithic Policy | Base Policy | Module Policy
Yes | Yes | No
if Statement | optional Statement | require Statement
No | No | No
Example:
# These statements define the file systems that support pseudo
# filesystems that represent objects like pipes and sockets, so
# that these objects are labeled with the same type as the creating task.
#
fs_use_task eventpollfs system_u:object_r:fs_t:s0;
fs_use_task pipefs system_u:object_r:fs_t:s0;
fs_use_task sockfs system_u:object_r:fs_t:s0;
fs_use_trans
The fs_use_trans statement is used to allocate a security context to pseudo filesystems such as pseudo terminals and temporary objects. The assigned context is derived from that of the creating process and that of the filesystem type, based on transition rules.
The statement definition is:
fs_use_trans fs_name fs_context;
Where:
fs_use_trans | The fs_use_trans keyword.
fs_name | Filesystem name that supports transition rules. Example names are: mqueue, shm, tmpfs and devpts.
fs_context | The security context allocated to the transition based on that of the filesystem.
The statement is valid in:
Monolithic Policy | Base Policy | Module Policy
Yes | Yes | No
if Statement | optional Statement | require Statement
No | No | No
Example:
# These statements define pseudo filesystems such as devpts
# and tmpfs where objects are labeled with a derived context.
#
fs_use_trans mqueue system_u:object_r:tmpfs_t:s0;
fs_use_trans shm system_u:object_r:tmpfs_t:s0;
fs_use_trans tmpfs system_u:object_r:tmpfs_t:s0;
fs_use_trans devpts system_u:object_r:devpts_t:s0;
genfscon
The genfscon statement is used to allocate a security context to filesystems that cannot support any of the other file labeling statements (fs_use_xattr, fs_use_task or fs_use_trans). Generally a filesystem would have a single default security context assigned by genfscon from the root (/) that would then be inherited by all files and directories on that filesystem. The exception to this is the /proc filesystem, where directories can be labeled with a specific security context (as shown in the examples). Note that there is no terminating semi-colon (;) on this statement.
The statement definition is:
genfscon fs_name partial_path fs_context
Where:
genfscon | The genfscon keyword.
fs_name | The filesystem name.
partial_path | If fs_name is proc, then the partial path (see the examples). For all other types, this must be '/'.
fs_context | The security context allocated to the filesystem.
The statement is valid in:
Monolithic Policy | Base Policy | Module Policy
Yes | Yes | No
if Statement | optional Statement | require Statement
No | No | No
MLS Examples:
# The following examples show those filesystems that only
# support a single security context across the filesystem
# with the MLS levels added.
genfscon msdos / system_u:object_r:dosfs_t:s0
genfscon iso9660 / system_u:object_r:iso9660_t:s0
genfscon usbfs / system_u:object_r:usbfs_t:s0
genfscon selinuxfs / system_u:object_r:security_t:s0
# The following show some example /proc entries. Note that the
# /kmsg has the highest sensitivity level assigned (s15) because
# it is a trusted process.
genfscon proc / system_u:object_r:proc_t:s0
genfscon proc /sysvipc system_u:object_r:proc_t:s0
genfscon proc /fs/openafs system_u:object_r:proc_afs_t:s0
genfscon proc /kmsg system_u:object_r:proc_kmsg_t:s15:c0.c255
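As an added example (not part of the SELinux Notebook page or of the SELinux project's own code), the following Python parser checks a policy fragment against the rules described in the four sections above: fs_use_xattr, fs_use_task and fs_use_trans take fs_name and fs_context and end with a semicolon; genfscon takes no terminating semicolon and accepts a partial_path other than '/' only when fs_name is proc; and every fs_context must carry an mls_range when the policy is MCS / MLS. It also resolves which genfscon entry applies to a given path by picking the longest partial_path that is a prefix of it, which is how /kmsg ends up as proc_kmsg_t while other /proc paths fall back to the root entry. The sample policy fragment is constructed from statements shown on this page; the class and function names are this example's own.

```python
"""Parser and checker for the SELinux file labeling statements
(fs_use_xattr, fs_use_task, fs_use_trans and genfscon).

Added example, not code from the SELinux Notebook or the SELinux project.
Assumption: when several genfscon entries match a path, the one with the
longest partial_path prefix applies.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

FS_USE_KEYWORDS = ("fs_use_xattr", "fs_use_task", "fs_use_trans")

# fs_use_* statements: keyword fs_name fs_context;  (terminating semicolon required)
FS_USE_RE = re.compile(r"^(fs_use_xattr|fs_use_task|fs_use_trans)\s+(\S+)\s+([^\s;]+)\s*;$")
# genfscon statements: genfscon fs_name partial_path fs_context  (no semicolon)
GENFSCON_RE = re.compile(r"^genfscon\s+(\S+)\s+(\S+)\s+(\S+)$")


@dataclass
class FsLabel:
    keyword: str        # statement that produced this entry
    fs_name: str        # filesystem identifier, e.g. ext4, pipefs, proc
    partial_path: str   # genfscon partial_path; "/" for the fs_use_* statements
    fs_context: str     # user:role:type[:mls_range]


class PolicySyntaxError(ValueError):
    """Raised for a statement that breaks one of the rules described on the page."""


def check_context(context: str, mls: bool) -> None:
    """A context is user:role:type plus, under MCS/MLS, an mls_range field.
    The range may itself contain ':' (e.g. s15:c0.c255), so split into at most 4 parts."""
    parts = context.split(":", 3)
    if len(parts) < 3 or any(p == "" for p in parts):
        raise PolicySyntaxError(f"malformed security context {context!r}")
    if mls and len(parts) != 4:
        raise PolicySyntaxError(f"MCS/MLS policy requires an mls_range in {context!r}")


def parse_file_statements(text: str, mls: bool = True) -> List[FsLabel]:
    """Parse a fragment containing only file labeling statements and comments."""
    labels: List[FsLabel] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # '#' starts a comment
        if not line:
            continue
        if line.startswith("genfscon") and line.endswith(";"):
            raise PolicySyntaxError(f"line {lineno}: genfscon takes no terminating ';'")
        if line.startswith(FS_USE_KEYWORDS) and not line.endswith(";"):
            raise PolicySyntaxError(f"line {lineno}: fs_use statements need a terminating ';'")
        m = FS_USE_RE.match(line)
        if m:
            keyword, fs_name, context = m.groups()
            check_context(context, mls)
            labels.append(FsLabel(keyword, fs_name, "/", context))
            continue
        m = GENFSCON_RE.match(line)
        if m:
            fs_name, path, context = m.groups()
            if fs_name != "proc" and path != "/":
                raise PolicySyntaxError(
                    f"line {lineno}: partial_path must be '/' unless fs_name is proc")
            check_context(context, mls)
            labels.append(FsLabel("genfscon", fs_name, path, context))
            continue
        raise PolicySyntaxError(f"line {lineno}: unrecognised statement {line!r}")
    return labels


def is_valid_fragment(text: str, mls: bool = True) -> bool:
    """True when every statement in the fragment parses under the rules above."""
    try:
        parse_file_statements(text, mls)
    except PolicySyntaxError:
        return False
    return True


def resolve_genfscon(labels: List[FsLabel], fs_name: str, path: str) -> Optional[str]:
    """Context for `path` on a genfscon-labeled filesystem: the entry whose
    partial_path is the longest string prefix of the path wins, so /kmsg gets
    proc_kmsg_t while /sysvipc/sem falls back to the root (/) entry."""
    best: Optional[FsLabel] = None
    for lab in labels:
        if lab.keyword != "genfscon" or lab.fs_name != fs_name:
            continue
        if path.startswith(lab.partial_path):
            if best is None or len(lab.partial_path) > len(best.partial_path):
                best = lab
    return best.fs_context if best else None


# Constructed sample fragment built from statements shown on the page.
SAMPLE_POLICY = """\
fs_use_xattr ext4 system_u:object_r:fs_t:s0;
fs_use_task pipefs system_u:object_r:fs_t:s0;
fs_use_trans devpts system_u:object_r:devpts_t:s0;
genfscon msdos / system_u:object_r:dosfs_t:s0
genfscon proc / system_u:object_r:proc_t:s0
genfscon proc /kmsg system_u:object_r:proc_kmsg_t:s15:c0.c255
"""

if __name__ == "__main__":
    entries = parse_file_statements(SAMPLE_POLICY)
    for lab in entries:
        print(lab)
    print("/kmsg ->", resolve_genfscon(entries, "proc", "/kmsg"))
```

is_valid_fragment gives a policy writer a quick pre-build check on a file of labeling statements, and the two error cases it catches most often are the ones the page calls out: a stray semicolon on a genfscon line, and a non-root partial_path on a filesystem other than proc.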