PolicyStoreConfigurationFiles - Revision history http://selinuxproject.org/w/?title=PolicyStoreConfigurationFiles&action=history Revision history for this page on the wiki en MediaWiki 1.23.13 Tue, 19 Mar 2024 05:02:49 GMT RichardHaines: /* modules/active/disable_dontaudit File */ http://selinuxproject.org/w/?title=PolicyStoreConfigurationFiles&diff=1807&oldid=prev http://selinuxproject.org/w/?title=PolicyStoreConfigurationFiles&diff=1807&oldid=prev <p>‎<span dir="auto"><span class="autocomment">modules/active/disable_dontaudit File</span></span></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td> <td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 14:28, 25 September 2015</td> </tr><tr><td colspan="2" class="diff-lineno">Line 544:</td> <td colspan="2" class="diff-lineno">Line 544:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== modules/active/disable_dontaudit File ==</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; 
color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== modules/active/disable_dontaudit File ==</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>This file will only exist if the policy build specified that [[<del class="diffchange diffchange-inline">KernelPolicyLanguage</del>#dontaudit | dontaudit]] rules should be disabled.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>This file will only exist if the policy build specified that [[<ins class="diffchange diffchange-inline">AVCRules</ins>#dontaudit | dontaudit]] rules should be disabled.</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== modules/active/modules Directory Contents ==</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; 
border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== modules/active/modules Directory Contents ==</div></td></tr> </table> Fri, 25 Sep 2015 14:28:40 GMT RichardHaines http://selinuxproject.org/page/Talk:PolicyStoreConfigurationFiles RichardHaines: /* modules/active/interfaces.local File */ http://selinuxproject.org/w/?title=PolicyStoreConfigurationFiles&diff=1806&oldid=prev http://selinuxproject.org/w/?title=PolicyStoreConfigurationFiles&diff=1806&oldid=prev <p>‎<span dir="auto"><span class="autocomment">modules/active/interfaces.local File</span></span></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td> <td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 14:28, 25 September 2015</td> </tr><tr><td colspan="2" class="diff-lineno">Line 528:</td> <td colspan="2" class="diff-lineno">Line 528:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>This file is created and updated by the semanage interface command to hold network interface information that was not delivered by the core policy (i.e. they are not defined in base.conf file). 
The new interface information is then built into the policy by the '''semanage'''(8) command.</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>This file is created and updated by the semanage interface command to hold network interface information that was not delivered by the core policy (i.e. they are not defined in base.conf file). The new interface information is then built into the policy by the '''semanage'''(8) command.</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Each line of the file contains a netifcon statement that is defined along with examples in the [[<del class="diffchange diffchange-inline">KernelPolicyLanguage</del>#netifcon | netifcon]] statement section.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Each line of the file contains a netifcon statement that is defined along with examples in the [[<ins class="diffchange 
diffchange-inline">NetworkStatements</ins>#netifcon | netifcon]] statement section.</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== modules/active/nodes.local File ==</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== modules/active/nodes.local File ==</div></td></tr> </table> Fri, 25 Sep 2015 14:28:02 GMT RichardHaines http://selinuxproject.org/page/Talk:PolicyStoreConfigurationFiles RichardHaines: /* modules/active/file_contexts.homedirs File */ http://selinuxproject.org/w/?title=PolicyStoreConfigurationFiles&diff=1805&oldid=prev http://selinuxproject.org/w/?title=PolicyStoreConfigurationFiles&diff=1805&oldid=prev <p>‎<span dir="auto"><span class="autocomment">modules/active/file_contexts.homedirs File</span></span></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td> <td 
colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 14:25, 25 September 2015</td> </tr><tr><td colspan="2" class="diff-lineno">Line 251:</td> <td colspan="2" class="diff-lineno">Line 251:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== modules/active/file_contexts.homedirs File ==</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== modules/active/file_contexts.homedirs File ==</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>This file becomes the policies [[PolicyConfigurationFiles#contexts/files/file_contexts.homedirs | contexts/files/file_contexts.homedirs]] file when building policy as shown in the [http://<del class="diffchange diffchange-inline">taiga.</del>selinuxproject.org/~rhaines/NB4-diagrams/25-file_contexts.png File Context Configuration Files] diagram. 
It is then used by the file labeling utilities to ensure that users home directory areas are labeled according to the policy. &#160;</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>This file becomes the policies [[PolicyConfigurationFiles#contexts/files/file_contexts.homedirs | contexts/files/file_contexts.homedirs]] file when building policy as shown in the [http://selinuxproject.org/~rhaines/NB4-diagrams/25-file_contexts.png File Context Configuration Files] diagram. It is then used by the file labeling utilities to ensure that users home directory areas are labeled according to the policy. &#160;</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The file can be built by the genhomedircon command (that just calls /usr/sbin/semodule -Bn) or if using semanage with user or login options to manage users, where it is called automatically as it is now a libsepol library function. 
&#160;</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The file can be built by the genhomedircon command (that just calls /usr/sbin/semodule -Bn) or if using semanage with user or login options to manage users, where it is called automatically as it is now a libsepol library function. &#160;</div></td></tr> </table> Fri, 25 Sep 2015 14:25:34 GMT RichardHaines http://selinuxproject.org/page/Talk:PolicyStoreConfigurationFiles RichardHaines: /* modules/active/file_contexts File */ http://selinuxproject.org/w/?title=PolicyStoreConfigurationFiles&diff=1804&oldid=prev http://selinuxproject.org/w/?title=PolicyStoreConfigurationFiles&diff=1804&oldid=prev <p>‎<span dir="auto"><span class="autocomment">modules/active/file_contexts File</span></span></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td> <td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 14:24, 25 September 2015</td> </tr><tr><td colspan="2" class="diff-lineno">Line 171:</td> <td colspan="2" class="diff-lineno">Line 171:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; 
white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== modules/active/file_contexts File ==</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== modules/active/file_contexts File ==</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>This file becomes the policies [[PolicyConfigurationFiles#contexts/files/file_contexts | contexts/files/file_contexts]] file and is built from entries in the [[#modules/active/file_contexts.template | modules/active/file_contexts.template]] file as explained above and shown in the [http://<del class="diffchange diffchange-inline">taiga.</del>selinuxproject.org/~rhaines/NB4-diagrams/25-file_contexts.png File Context Configuration Files] diagram. 
It is then used by the file labeling utilities to ensure that files and directories are labeled according to the policy.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>This file becomes the policies [[PolicyConfigurationFiles#contexts/files/file_contexts | contexts/files/file_contexts]] file and is built from entries in the [[#modules/active/file_contexts.template | modules/active/file_contexts.template]] file as explained above and shown in the [http://selinuxproject.org/~rhaines/NB4-diagrams/25-file_contexts.png File Context Configuration Files] diagram. It is then used by the file labeling utilities to ensure that files and directories are labeled according to the policy.</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The format of the file_contexts file is the same as the [[#modules/active/file_contexts.template | modules/active/file_contexts.template]] file.</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; 
border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The format of the file_contexts file is the same as the [[#modules/active/file_contexts.template | modules/active/file_contexts.template]] file.</div></td></tr> <tr><td colspan="2" class="diff-lineno">Line 231:</td> <td colspan="2" class="diff-lineno">Line 231:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== modules/active/homedir_template File ==</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== modules/active/homedir_template File ==</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>This file is built from entries in the [[#modules/active/file_contexts.template | file_contexts.template]] file (as shown in the [http://<del class="diffchange diffchange-inline">taiga.</del>selinuxproject.org/~rhaines/NB4-diagrams/25-file_contexts.png File Context Configuration Files] 
diagram) and explained in the [[#modules/modules/active/file_contexts.template | modules/active/file_contexts.template]] section. &#160;</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>This file is built from entries in the [[#modules/active/file_contexts.template | file_contexts.template]] file (as shown in the [http://selinuxproject.org/~rhaines/NB4-diagrams/25-file_contexts.png File Context Configuration Files] diagram) and explained in the [[#modules/modules/active/file_contexts.template | modules/active/file_contexts.template]] section. &#160;</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The file is used by genhomedircon, semanage login or semanage user to generate individual user entries in the [[#modules/active/file_contexts.homedirs | file_contexts.homedirs]] file.</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The file is used by 
genhomedircon, semanage login or semanage user to generate individual user entries in the [[#modules/active/file_contexts.homedirs | file_contexts.homedirs]] file.</div></td></tr> <tr><td colspan="2" class="diff-lineno">Line 249:</td> <td colspan="2" class="diff-lineno">Line 249:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>HOME_ROOT/\.journal&#160; &#160; &lt;&lt;none&gt;&gt;</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>HOME_ROOT/\.journal&#160; &#160; &lt;&lt;none&gt;&gt;</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>&lt;/pre&gt;</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>&lt;/pre&gt;</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 
0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== modules/active/file_contexts.homedirs File ==</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== modules/active/file_contexts.homedirs File ==</div></td></tr> </table> Fri, 25 Sep 2015 14:24:48 GMT RichardHaines http://selinuxproject.org/page/Talk:PolicyStoreConfigurationFiles RichardHaines: /* modules/active/file_contexts.template File */ http://selinuxproject.org/w/?title=PolicyStoreConfigurationFiles&diff=1803&oldid=prev http://selinuxproject.org/w/?title=PolicyStoreConfigurationFiles&diff=1803&oldid=prev <p>‎<span dir="auto"><span class="autocomment">modules/active/file_contexts.template File</span></span></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td> <td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 14:23, 25 September 2015</td> </tr><tr><td colspan="2" class="diff-lineno">Line 31:</td> <td colspan="2" class="diff-lineno">Line 31:</td></tr> <tr><td 
class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>This contains a copy all the modules 'Labeling Policy File' entries (e.g. the &lt;nowiki&gt;&lt;module_name&gt;.fc&lt;/nowiki&gt; files) that have been extracted from the [[#modules/active/base.pp | base.pp]] and the loadable modules in the [[#modules/active/modules_Directory_Contents | modules/active/modules]] directory. &#160;</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>This contains a copy all the modules 'Labeling Policy File' entries (e.g. the &lt;nowiki&gt;&lt;module_name&gt;.fc&lt;/nowiki&gt; files) that have been extracted from the [[#modules/active/base.pp | base.pp]] and the loadable modules in the [[#modules/active/modules_Directory_Contents | modules/active/modules]] directory. 
&#160;</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>The entries in the file_contexts.template file are then used to build the following files as shown in the [http://<del class="diffchange diffchange-inline">taiga.</del>selinuxproject.org/~rhaines/NB4-diagrams/25-file_contexts.png File Context Configuration Files] diagram:</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>The entries in the file_contexts.template file are then used to build the following files as shown in the [http://selinuxproject.org/~rhaines/NB4-diagrams/25-file_contexts.png File Context Configuration Files] diagram:</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div># [[#modules/active/homedir_template | homedir_template]] file that will be used to produce the [[#modules/active/file_contexts.homedirs | file_contexts.homedirs]] file which will then become the policies ./contexts/files/file_contexts.homedirs 
file. &#160;</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div># [[#modules/active/homedir_template | homedir_template]] file that will be used to produce the [[#modules/active/file_contexts.homedirs | file_contexts.homedirs]] file which will then become the policies ./contexts/files/file_contexts.homedirs file. &#160;</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div># [[#modules/active/file_contexts | file_contexts]] file that will become the policies file_contexts file.</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div># [[#modules/active/file_contexts | file_contexts]] file that will become the policies file_contexts file.</div></td></tr> <tr><td colspan="2" class="diff-lineno">Line 169:</td> <td colspan="2" class="diff-lineno">Line 169:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>HOME_ROOT/\.journal&#160; &#160; &#160; &lt;&lt;none&gt;&gt;</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: 
pre-wrap;"><div>HOME_ROOT/\.journal&#160; &#160; &#160; &lt;&lt;none&gt;&gt;</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>&lt;/pre&gt;</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>&lt;/pre&gt;</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== modules/active/file_contexts File ==</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: 
#e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== modules/active/file_contexts File ==</div></td></tr> </table> Fri, 25 Sep 2015 14:23:46 GMT RichardHaines http://selinuxproject.org/page/Talk:PolicyStoreConfigurationFiles RichardHaines at 14:22, 10 December 2014 http://selinuxproject.org/w/?title=PolicyStoreConfigurationFiles&diff=1726&oldid=prev http://selinuxproject.org/w/?title=PolicyStoreConfigurationFiles&diff=1726&oldid=prev <p></p> <a href="http://selinuxproject.org/w/?title=PolicyStoreConfigurationFiles&amp;diff=1726&amp;oldid=876">Show changes</a> Wed, 10 Dec 2014 14:22:07 GMT RichardHaines http://selinuxproject.org/page/Talk:PolicyStoreConfigurationFiles RichardHaines at 07:43, 23 January 2010 http://selinuxproject.org/w/?title=PolicyStoreConfigurationFiles&diff=876&oldid=prev http://selinuxproject.org/w/?title=PolicyStoreConfigurationFiles&diff=876&oldid=prev <p></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td> <td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 07:43, 23 January 2010</td> </tr><tr><td colspan="2" class="diff-lineno">Line 155:</td> <td colspan="2" class="diff-lineno">Line 155:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td 
style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== file_contexts File ==</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== file_contexts File ==</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>This file becomes the policies ./contexts/files/file_contexts file and is built from entries in the ./modules/active/file_contexts.template file as explained above and shown in Figure 1. It is then used by the file labeling utilities to ensure that files and directories are labeled according to the policy.</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>This file becomes the policies ./contexts/files/file_contexts file and is built from entries in the ./modules/active/file_contexts.template file as explained above and shown in <ins class="diffchange diffchange-inline">[[http://taiga.selinuxproject.org/~rhaines/diagrams/filecontexts.png </ins>Figure 1<ins class="diffchange diffchange-inline">]]</ins>. 
It is then used by the file labeling utilities to ensure that files and directories are labeled according to the policy.</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The format of the file_contexts file is the same as the ./modules/active/file_contexts.template file.</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The format of the file_contexts file is the same as the ./modules/active/file_contexts.template file.</div></td></tr> <tr><td colspan="2" class="diff-lineno">Line 213:</td> <td colspan="2" class="diff-lineno">Line 213:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: 
pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== homedir_template File ==</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== homedir_template File ==</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>This file is built from entries in the file_contexts.template file (as shown in Figure 1) and explained in the ./modules/active/file_contexts.template section. &#160;</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>This file is built from entries in the file_contexts.template file (as shown in <ins class="diffchange diffchange-inline">[[http://taiga.selinuxproject.org/~rhaines/diagrams/filecontexts.png </ins>Figure 1<ins class="diffchange diffchange-inline">]]</ins>) and explained in the ./modules/active/file_contexts.template section. 
&#160;</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The file is used by genhomedircon, semanage login or semanage user to generate individual user entries in the file_contexts.homedirs file.</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The file is used by genhomedircon, semanage login or semanage user to generate individual user entries in the file_contexts.homedirs file.</div></td></tr> <tr><td colspan="2" class="diff-lineno">Line 234:</td> <td colspan="2" class="diff-lineno">Line 234:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td 
class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== file_contexts.homedirs File ==</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>== file_contexts.homedirs File ==</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>This file becomes the policies ./contexts/files/file_contexts.homedirs file when building policy as shown in Figure 1. It is then used by the file labeling utilities to ensure that users home directory areas are labeled according to the policy. &#160;</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>This file becomes the policies ./contexts/files/file_contexts.homedirs file when building policy as shown in <ins class="diffchange diffchange-inline">[[http://taiga.selinuxproject.org/~rhaines/diagrams/filecontexts.png </ins>Figure 1<ins class="diffchange diffchange-inline">]]</ins>. It is then used by the file labeling utilities to ensure that users home directory areas are labeled according to the policy. 
&#160;</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The file can be built by the genhomedircon command (in F-10 this just calls /usr/sin/semodule -Bn) or if using semanage with user or login options to manage users, where it is called automatically as it is now a libsepol library function. &#160;</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>The file can be built by the genhomedircon command (in F-10 this just calls /usr/sin/semodule -Bn) or if using semanage with user or login options to manage users, where it is called automatically as it is now a libsepol library function. 
&#160;</div></td></tr> </table> Sat, 23 Jan 2010 07:43:48 GMT RichardHaines http://selinuxproject.org/page/Talk:PolicyStoreConfigurationFiles RichardHaines: /* file_contexts.template File */ http://selinuxproject.org/w/?title=PolicyStoreConfigurationFiles&diff=875&oldid=prev http://selinuxproject.org/w/?title=PolicyStoreConfigurationFiles&diff=875&oldid=prev <p>‎<span dir="auto"><span class="autocomment">file_contexts.template File</span></span></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td> <td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 07:40, 23 January 2010</td> </tr><tr><td colspan="2" class="diff-lineno">Line 37:</td> <td colspan="2" class="diff-lineno">Line 37:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div># file_contexts file that will become the policies ./contexts/files/file_contexts file.</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div># file_contexts file that will become the policies ./contexts/files/file_contexts file.</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td 
style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>The way these two files are built is as follows (and shown in Figure 1):</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>The way these two files are built is as follows (and shown in <ins class="diffchange diffchange-inline">[[http://taiga.selinuxproject.org/~rhaines/diagrams/filecontexts.png </ins>Figure 1<ins class="diffchange diffchange-inline">]]</ins>):</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>'''homedir_template''' - Any line in the file_contexts.template file that has the keywords HOME_ROOT or HOME_DIR are extracted and added to the homedir_template file. 
This is because these keywords are used to identify entries that are associated to a users home directory area. These lines can also have the ROLE keyword declared.</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>'''homedir_template''' - Any line in the file_contexts.template file that has the keywords HOME_ROOT or HOME_DIR are extracted and added to the homedir_template file. This is because these keywords are used to identify entries that are associated to a users home directory area. These lines can also have the ROLE keyword declared.</div></td></tr> <tr><td colspan="2" class="diff-lineno">Line 44:</td> <td colspan="2" class="diff-lineno">Line 44:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>'''file_contexts''' - All other lines are extracted and added to the file_contexts file as they are files not associated to a users home directory. 
&#160;</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>'''file_contexts''' - All other lines are extracted and added to the file_contexts file as they are files not associated to a users home directory. &#160;</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">&lt;center&gt;'''[[http://taiga.selinuxproject.org/~rhaines/config-files/fig1-filecontexts.png Figure 1]]'''&lt;/center&gt;</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">&lt;center&gt;'''File Context Configuration Files - '''''The two files copied to the policy area will be used by the file labeling utilities to relabel files.''&lt;/center&gt;</del></div></td><td colspan="2">&#160;</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td 
class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>'''The format of the file_contexts.template file is as follows:'''</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>'''The format of the file_contexts.template file is as follows:'''</div></td></tr> </table> Sat, 23 Jan 2010 07:40:59 GMT RichardHaines http://selinuxproject.org/page/Talk:PolicyStoreConfigurationFiles RichardHaines: /* file_contexts.template File */ http://selinuxproject.org/w/?title=PolicyStoreConfigurationFiles&diff=874&oldid=prev http://selinuxproject.org/w/?title=PolicyStoreConfigurationFiles&diff=874&oldid=prev <p>‎<span dir="auto"><span class="autocomment">file_contexts.template File</span></span></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td> <td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 16:55, 22 January 2010</td> </tr><tr><td colspan="2" class="diff-lineno">Line 45:</td> <td colspan="2" class="diff-lineno">Line 45:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; 
border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>'''file_contexts''' - All other lines are extracted and added to the file_contexts file as they are files not associated to a users home directory. &#160;</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>'''file_contexts''' - All other lines are extracted and added to the file_contexts file as they are files not associated to a users home directory. &#160;</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>&lt;center&gt;'''<del class="diffchange diffchange-inline">Figure 1: </del>[http://taiga.selinuxproject.org/~rhaines/config-files/fig1-filecontexts.png] File Context Configuration Files - '''''The two files copied to the policy area will be used by the file labeling utilities to relabel files.''&lt;/center&gt;</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: 
pre-wrap;"><div>&lt;center&gt;'''<ins class="diffchange diffchange-inline">[</ins>[http://taiga.selinuxproject.org/~rhaines/config-files/fig1-filecontexts.png <ins class="diffchange diffchange-inline">Figure 1</ins>]<ins class="diffchange diffchange-inline">]'''&lt;/center&gt;</ins></div></td></tr> <tr><td colspan="2">&#160;</td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins class="diffchange diffchange-inline">&lt;center&gt;'''</ins>File Context Configuration Files - '''''The two files copied to the policy area will be used by the file labeling utilities to relabel files.''&lt;/center&gt;</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>'''The format of the file_contexts.template file is as follows:'''</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>'''The format of the file_contexts.template file is as follows:'''</div></td></tr> </table> Fri, 22 Jan 
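Review bot: In the Line 45 hunk, the new first line wraps an external URL in double brackets: [[http://taiga.selinuxproject.org/~rhaines/config-files/fig1-filecontexts.png Figure 1]]. Double brackets are MediaWiki's internal-link syntax. Around a URL, the inner pair is parsed as the external link and the outer pair is left as literal text, so the page shows "[Figure 1]". If the literal brackets are not wanted, use a single pair. Moving the caption onto its own centered line also removes the "Figure 1" label from the caption text, so the link line and the caption line have to stay adjacent for the in-text references to "Figure 1" to resolve.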
2010 16:55:31 GMT RichardHaines http://selinuxproject.org/page/Talk:PolicyStoreConfigurationFiles RichardHaines: /* file_contexts.template File */ http://selinuxproject.org/w/?title=PolicyStoreConfigurationFiles&diff=873&oldid=prev http://selinuxproject.org/w/?title=PolicyStoreConfigurationFiles&diff=873&oldid=prev <p>‎<span dir="auto"><span class="autocomment">file_contexts.template File</span></span></p> <table class='diff diff-contentalign-left'> <col class='diff-marker' /> <col class='diff-content' /> <col class='diff-marker' /> <col class='diff-content' /> <tr style='vertical-align: top;'> <td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td> <td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 16:40, 22 January 2010</td> </tr><tr><td colspan="2" class="diff-lineno">Line 45:</td> <td colspan="2" class="diff-lineno">Line 45:</td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>'''file_contexts''' - All other lines are extracted and added to the file_contexts file as they are files not associated to a users home directory. &#160;</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>'''file_contexts''' - All other lines are extracted and added to the file_contexts file as they are files not associated to a users home directory. 
&#160;</div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">ToDo - Get Figure 1 (filecontexts.png) uploaded.</del></div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>&lt;center&gt;'''Figure 1: <ins class="diffchange diffchange-inline">[http://taiga.selinuxproject.org/~rhaines/config-files/fig1-filecontexts.png] </ins>File Context Configuration Files - '''''The two files copied to the policy area will be used by the file labeling utilities to relabel files.''&lt;/center&gt;</div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>&#160;</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div></div></td></tr> <tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 
1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del class="diffchange diffchange-inline">[[File:filecontexts.png|frame|</del>&lt;center&gt;'''Figure 1: File Context Configuration Files - '''''The two files copied to the policy area will be used by the file labeling utilities to relabel files.''&lt;/center&gt;<del class="diffchange diffchange-inline">]]</del></div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div></div></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr> <tr><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>'''The format of the file_contexts.template file is as follows:'''</div></td><td class='diff-marker'>&#160;</td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>'''The format of the file_contexts.template file is as follows:'''</div></td></tr> </table> Fri, 22 Jan 2010 16:40:21 GMT RichardHaines http://selinuxproject.org/page/Talk:PolicyStoreConfigurationFiles RichardHaines: New 
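Review bot: The added caption line in the Line 45 hunk places a bracketed URL with no label, [http://taiga.selinuxproject.org/~rhaines/config-files/fig1-filecontexts.png], between "Figure 1:" and the caption text. MediaWiki renders an unlabelled external link as an auto-numbered marker such as [1], which will sit in the middle of the bold caption. Give the link a label or move it out of the caption. The same hunk removes the [[File:filecontexts.png|frame|...]] embed together with the ToDo about uploading the image, so the diagram is no longer displayed inline and is fetched over plain http from a personal directory on another host. Uploading the image to the wiki and keeping the File: embed would keep the figure with the page.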
page: = Policy Store Configuration Files = Each file discussed in this section is relative to the policy name as follows: <pre> <nowiki>/etc/selinux/<policy_name></nowiki> </pre> The Policy Sto... http://selinuxproject.org/w/?title=PolicyStoreConfigurationFiles&diff=860&oldid=prev http://selinuxproject.org/w/?title=PolicyStoreConfigurationFiles&diff=860&oldid=prev <p>New page: = Policy Store Configuration Files = Each file discussed in this section is relative to the policy name as follows: &lt;pre&gt; &lt;nowiki&gt;/etc/selinux/&lt;policy_name&gt;&lt;/nowiki&gt; &lt;/pre&gt; The Policy Sto...</p> <p><b>New page</b></p><div>= Policy Store Configuration Files =<br /> Each file discussed in this section is relative to the policy name as follows:<br /> &lt;pre&gt;<br /> &lt;nowiki&gt;/etc/selinux/&lt;policy_name&gt;&lt;/nowiki&gt;<br /> &lt;/pre&gt;<br /> <br /> The Policy Store files in the &lt;nowiki&gt;/etc/selinux/&lt;policy_name&gt;/modules&lt;/nowiki&gt; area are either installed, updated or built by the semodule and semanage commands, and as a part of their process, relevant files are then copied to the Policy Configuration files area. <br /> <br /> The files present in each &lt;nowiki&gt;&lt;policy_name&gt;&lt;/nowiki&gt; policy store will vary from policy to policy as different items could be configured for each one. <br /> <br /> Generally if a file has the extension '.local', then it has been generated by semanage and used to update the binary policy located at &lt;nowiki&gt;/etc/selinux/&lt;policy_name&gt;/policy&lt;/nowiki&gt;.<br /> <br /> All files can have comments inserted where each line must have the '#' symbol to indicate the start of a comment.<br /> <br /> == modules/ Files ==<br /> The policy store has two lock files that are used by libsemanage for managing the store. 
Their format is not relevant to policy construction:<br /> &lt;pre&gt;<br /> semanage.read.LOCK<br /> semanage.trans.LOCK<br /> &lt;/pre&gt;<br /> <br /> == base.pp File ==<br /> This is the packaged base policy that contains the mandatory modules and policy components such as object classes and permission declarations, initial SIDs etc.<br /> <br /> == base.linked File ==<br /> This is only present if save-linked is set to TRUE as described in the /etc/selinux/semanage.conf section. It contains the modules that have been linked using the semodule_link(8) command.<br /> <br /> == commit_num File ==<br /> This is a binary file used by libsemanage for managing updates to the store. The format is not relevant to policy construction.<br /> <br /> == file_contexts.template File ==<br /> This contains a copy of all the modules' 'Labeling Policy File' entries (e.g. the &lt;nowiki&gt;&lt;module_name&gt;.fc&lt;/nowiki&gt; files) that have been extracted from the base.pp and the loadable modules in the modules/active/modules directory. <br /> <br /> The entries in the file_contexts.template file are then used to build the following files:<br /> <br /> # homedir_template file that will be used to produce the file_contexts.homedirs file which will then become the policy's ./contexts/files/file_contexts.homedirs file. <br /> # file_contexts file that will become the policy's ./contexts/files/file_contexts file.<br /> <br /> The way these two files are built is as follows (and shown in Figure 1):<br /> <br /> '''homedir_template''' - Any line in the file_contexts.template file that has the keyword HOME_ROOT or HOME_DIR is extracted and added to the homedir_template file. This is because these keywords are used to identify entries that are associated with a user's home directory area. 
These lines can also have the ROLE keyword declared.<br /> <br /> The homedir_template file will then be used by genhomedircon(8)(Note that the genhomedircon command has now been built into the libsepol library as a function to build the file_contexts.homedirs file via semanage) to generate individual SELinux user entries in the file_contexts.homedirs file as discussed in the ./modules/active/file_contexts.homedirs section.<br /> <br /> '''file_contexts''' - All other lines are extracted and added to the file_contexts file as they are files not associated to a users home directory. <br /> <br /> ToDo - Get Figure 1 (filecontexts.png) uploaded.<br /> <br /> [[File:filecontexts.png|frame|&lt;center&gt;'''Figure 1: File Context Configuration Files - '''''The two files copied to the policy area will be used by the file labeling utilities to relabel files.''&lt;/center&gt;]]<br /> <br /> '''The format of the file_contexts.template file is as follows:'''<br /> <br /> Each line within the file consists of either type of entry:<br /> &lt;pre&gt;<br /> pathname_regexp opt_security_context<br /> &lt;/pre&gt;<br /> '''Or'''<br /> &lt;pre&gt;<br /> pathname_regexp file_type opt_security_context<br /> &lt;/pre&gt;<br /> <br /> '''Where:'''<br /> {| border=&quot;1&quot;<br /> | | pathname_regexp<br /> | | An entry that defines the pathname in the form of a regular expression.<br /> <br /> The metacharacters '^' (match beginning of line) and '$' (match end of line) are automatically added to the expression by the routines that process this file, however they can be over-ridden by using '.*' at either the beginning or end of the expression (see the example file_contexts files below). 
<br /> <br /> There are also keywords of HOME_ROOT, HOME_DIR, ROLE and USER that are used by file labeling commands (see the keyword definitions below and the ./modules/active/homedir_template file section for their usage).<br /> <br /> |-<br /> | | file_type<br /> | | The file_type options are:<br /> <br /> '-b' - Block Device '-c' - Character Device<br /> <br /> '-d' - Directory '-p' - Named Pipe<br /> <br /> '-l' - Symbolic Link '-s' - Socket<br /> <br /> '--' - Ordinary file<br /> <br /> |-<br /> | | opt_security_context<br /> | | This entry can be either:<br /> <br /> # The security context, including the MLS / MCS level or range if applicable that will be assigned to the file.<br /> # A value of &lt;nowiki&gt;&lt;&lt;none&gt;&gt;&lt;/nowiki&gt; can be used to indicate that the matching files should not be re-labeled. <br /> <br /> <br /> <br /> |}<br /> <br /> <br /> '''Keywords that can be in the file_contexts.template''' '''file are:'''<br /> {| border=&quot;1&quot;<br /> | | HOME_ROOT<br /> | | This keyword is replaced by the GNU / Linux users root home directory, normally '/home'.<br /> <br /> |-<br /> | | HOME_DIR<br /> | | This keyword is replaced by the GNU / Linux users home directory, normally '/home/'.<br /> <br /> |-<br /> | | ROLE<br /> | | This keyword is replaced by the 'prefix' entry from the users_extra configuration file that corresponds to the SELinux users user id. Example users_extra configuration file entries are:<br /> &lt;pre&gt;<br /> user user_u prefix user;<br /> user staff_u prefix staff;<br /> user group1_u prefix group1;<br /> &lt;/pre&gt;<br /> <br /> It is used for files and directories within the users home directory area when relabeling takes place to allow the domain context to be based on a specific role (or any identifier !!) to allow easier identification in log files. 
<br /> <br /> It can be added by the semanage user command as follows:<br /> &lt;pre&gt;<br /> &lt;nowiki&gt;# Add prefix for SELinux user:&lt;/nowiki&gt;<br /> semanage user -a -R staff_r -P group1 group1_u<br /> <br /> &lt;nowiki&gt;# Add login user:&lt;/nowiki&gt;<br /> semanage login -a -s group1_u rch<br /> &lt;/pre&gt;<br /> <br /> The usage is similar to the Reference Policy 'per_role_template' (&lt;nowiki&gt;&lt;param name=&quot;userdomain_prefix&quot;&gt;&lt;/nowiki&gt;) that is an optional component of the external interface file (see the ftp.if or ssh.if files in the Reference Policy source). This feature will probably be removed as the semanage user -P option is more flexible !!!.<br /> <br /> |-<br /> | | USER<br /> | | This keyword will be replaced by the users GNU / Linux user id.<br /> <br /> |}<br /> <br /> <br /> '''Example file_contexts.template''' '''contents:'''<br /> &lt;pre&gt;<br /> &lt;nowiki&gt;# &lt;/nowiki&gt;./modules/active/file_contexts.template - These sample entries<br /> &lt;nowiki&gt;# have been taken from the Reference Policy and show the &lt;/nowiki&gt;<br /> &lt;nowiki&gt;# HOME_DIR, HOME_ROOT keywords whose lines will be extracted and &lt;/nowiki&gt;<br /> &lt;nowiki&gt;# added to the &lt;/nowiki&gt;homedir_template file that is used to manage <br /> &lt;nowiki&gt;# user home directory entries. The USER keyword will be replaced &lt;/nowiki&gt;<br /> &lt;nowiki&gt;# by the file labeling utilities with the corresponding GNU / &lt;/nowiki&gt;<br /> &lt;nowiki&gt;# Linux user id. The ROLE keyword will be replaced by the prefix &lt;/nowiki&gt;<br /> &lt;nowiki&gt;# assigned to the SELinux seuser_id taken from the users_extra &lt;/nowiki&gt;<br /> &lt;nowiki&gt;# file.&lt;/nowiki&gt;<br /> <br /> /.* system_u:object_r:default_t<br /> /a?quota\.(user|group) -- system_u:object_r:quota_db_t<br /> /xen(/.*)? system_u:object_r:xen_image_t<br /> /dev/mcdx? 
-b system_u:object_r:removable_device_t<br /> HOME_DIR/.+ system_u:object_r:user_home_t<br /> /var/log/.* system_u:object_r:var_log_t<br /> /tmp/gconfd-USER/.* -- system_u:object_r:gconf_tmp_t<br /> /var/log/sxid\.log.* -- system_u:object_r:sxid_log_t<br /> &lt;nowiki&gt;/var/log/messages[^/]*&lt;/nowiki&gt; system_u:object_r:var_log_t<br /> /var/run/wnn-unix(/.*) system_u:object_r:canna_var_run_t<br /> HOME_DIR/\.ircmotd -- system_u:object_r:ROLE_irc_home_t<br /> HOME_ROOT/lost\+found/.* &lt;nowiki&gt;&lt;&lt;none&gt;&gt;&lt;/nowiki&gt;<br /> HOME_DIR/\.config/gtk-.* system_u:object_r:gnome_home_t<br /> &lt;/pre&gt;<br /> <br /> == file_contexts File ==<br /> This file becomes the policies ./contexts/files/file_contexts file and is built from entries in the ./modules/active/file_contexts.template file as explained above and shown in Figure 1. It is then used by the file labeling utilities to ensure that files and directories are labeled according to the policy.<br /> <br /> The format of the file_contexts file is the same as the ./modules/active/file_contexts.template file.<br /> <br /> The USER keyword is replaced by the users GNU / Linux user id when the file labeling utilities are run.<br /> <br /> '''Example file_contexts contents:'''<br /> &lt;pre&gt;<br /> &lt;nowiki&gt;# &lt;/nowiki&gt;./modules/active/file_contexts - These sample entries have been<br /> &lt;nowiki&gt;# taken from the Reference Policy and show the USER keyword &lt;/nowiki&gt;<br /> &lt;nowiki&gt;# that will be &lt;/nowiki&gt;replaced by the users GNU / Linux user id when the<br /> &lt;nowiki&gt;# file labeling utilities are run.&lt;/nowiki&gt;<br /> &lt;nowiki&gt;# The other keywords HOME_DIR, HOME_ROOT and ROLE have been&lt;/nowiki&gt;<br /> &lt;nowiki&gt;# extracted and put in the homedir_template file.&lt;/nowiki&gt;<br /> <br /> /.* system_u:object_r:default_t<br /> /a?quota\.(user|group) -- system_u:object_r:quota_db_t<br /> /xen(/.*)? system_u:object_r:xen_image_t<br /> /dev/mcdx? 
-b system_u:object_r:removable_device_t<br /> /var/log/.* system_u:object_r:var_log_t<br /> /tmp/gconfd-USER/.* -- system_u:object_r:gconf_tmp_t<br /> /var/log/sxid\.log.* -- system_u:object_r:sxid_log_t<br /> &lt;nowiki&gt;/var/log/messages[^/]*&lt;/nowiki&gt; system_u:object_r:var_log_t<br /> /var/run/wnn-unix(/.*) system_u:object_r:canna_var_run_t<br /> &lt;/pre&gt;<br /> &lt;pre&gt;<br /> &lt;nowiki&gt;# &lt;/nowiki&gt;./contexts/files/file_contexts - Sample entries taken from the <br /> &lt;nowiki&gt;# MLS reference policy. &lt;/nowiki&gt;<br /> <br /> &lt;nowiki&gt;# Notes:&lt;/nowiki&gt;<br /> &lt;nowiki&gt;# 1) The &lt;/nowiki&gt;fixed_disk_device_t is labeled SystemHigh (s15:c0.c255)<br /> &lt;nowiki&gt;# &lt;/nowiki&gt;as it needs to be trusted. Also some logs and configuration<br /> &lt;nowiki&gt;# &lt;/nowiki&gt;files are labeled SystemHigh as they contain sensitive<br /> &lt;nowiki&gt;# &lt;/nowiki&gt;information used by trusted applications.<br /> &lt;nowiki&gt;#&lt;/nowiki&gt;<br /> &lt;nowiki&gt;# 2) Some directories (e.g. 
&lt;/nowiki&gt;/tmp) are labeled <br /> &lt;nowiki&gt;# &lt;/nowiki&gt;SystemLow-SystemHigh (s0-s15:c0.c255) as they will<br /> &lt;nowiki&gt;# &lt;/nowiki&gt;support polyinstantiated directories.<br /> <br /> /.* system_u:object_r:default_t:s0<br /> /a?quota\.(user|group) -- system_u:object_r:quota_db_t:s0<br /> &lt;nowiki&gt;/mnt(/[^/]*)&lt;/nowiki&gt; -l system_u:object_r:mnt_t:s0<br /> &lt;nowiki&gt;/mnt/[^/]*/.*&lt;/nowiki&gt; &lt;nowiki&gt;&lt;&lt;none&gt;&gt;&lt;/nowiki&gt;<br /> /dev/.*mouse.* -c system_u:object_r:mouse_device_t:s0<br /> &lt;nowiki&gt;/dev/.*tty[^/]*&lt;/nowiki&gt; -c system_u:object_r:tty_device_t:s0<br /> &lt;nowiki&gt;/dev/[shmx]d[^/]*&lt;/nowiki&gt; -b system_u:object_r:fixed_disk_device_t:s15:c0.c255<br /> &lt;nowiki&gt;/var/[xgk]dm(/.*)?&lt;/nowiki&gt; system_u:object_r:xserver_log_t:s0<br /> /dev/(raw/)?rawctl -c system_u:object_r:fixed_disk_device_t:s15:c0.c255<br /> /tmp -d system_u:object_r:tmp_t:s0-s15:c0.c255<br /> /dev/pts -d system_u:object_r:devpts_t:s0-s15:c0.c255<br /> /var/log -d system_u:object_r:var_log_t:s0-s15:c0.c255<br /> /var/tmp -d system_u:object_r:tmp_t:s0-s15:c0.c255<br /> /var/run -d system_u:object_r:var_run_t:s0-s15:c0.c255<br /> /usr/tmp -d system_u:object_r:tmp_t:s0-s15:c0.c255<br /> &lt;/pre&gt;<br /> <br /> <br /> == homedir_template File ==<br /> This file is built from entries in the file_contexts.template file (as shown in Figure 1) and explained in the ./modules/active/file_contexts.template section. 
<br /> <br /> The file is used by genhomedircon, semanage login or semanage user to generate individual user entries in the file_contexts.homedirs file.<br /> <br /> The homedir_template file has the same per line format as the ./modules/active/file_contexts.template file.<br /> <br /> '''Example file contents:'''<br /> &lt;pre&gt;<br /> &lt;nowiki&gt;# &lt;/nowiki&gt;./modules/active/homedir_template - These sample entries have <br /> &lt;nowiki&gt;# been taken from the Reference Policy and show the &lt;/nowiki&gt;<br /> &lt;nowiki&gt;# HOME_DIR, HOME_ROOT and ROLE keywords that are used to manage &lt;/nowiki&gt;<br /> &lt;nowiki&gt;# users home directories:&lt;/nowiki&gt;<br /> <br /> HOME_DIR/.+ system_u:object_r:user_home_t<br /> HOME_DIR/\.ircmotd -- system_u:object_r:ROLE_irc_home_t<br /> HOME_ROOT/lost\+found/.* &lt;nowiki&gt;&lt;&lt;none&gt;&gt;&lt;/nowiki&gt;<br /> HOME_DIR/\.config/gtk-.* system_u:object_r:gnome_home_t<br /> &lt;/pre&gt;<br /> <br /> <br /> == file_contexts.homedirs File ==<br /> This file becomes the policy's ./contexts/files/file_contexts.homedirs file when building policy as shown in Figure 1. It is then used by the file labeling utilities to ensure that users' home directory areas are labeled according to the policy. <br /> <br /> The file can be built by the genhomedircon command (in F-10 this just calls /usr/sbin/semodule -Bn) or, when semanage is used with the user or login options to manage users, it is built automatically as genhomedircon is now a libsepol library function. <br /> <br /> The file_contexts.homedirs file has the same per line format as the ./modules/active/file_contexts.template file, however the HOME_DIR, HOME_ROOT and ROLE keywords will be replaced as explained in the keyword definitions section above. 
Note that the ROLE keyword will only be replaced for those valid types within the policy (for example if staff_irc_home_t cannot be found in the policy it will be silently dropped from the file_contexts.homedirs file when being built '''True?''').<br /> <br /> '''Example file_contexts.homedirs contents:'''<br /> &lt;pre&gt;<br /> &lt;nowiki&gt;# &lt;/nowiki&gt;./modules/active/file_contexts.homedirs - These sample entries <br /> &lt;nowiki&gt;# have been taken from the Reference Policy and show that &lt;/nowiki&gt;<br /> &lt;nowiki&gt;# the HOME_DIR, HOME_ROOT and ROLE keywords have been replaced&lt;/nowiki&gt;<br /> &lt;nowiki&gt;# by entries as explained above.&lt;/nowiki&gt;<br /> &lt;nowiki&gt;#&lt;/nowiki&gt;<br /> &lt;nowiki&gt;# User-specific file contexts, generated via libsemanage&lt;/nowiki&gt;<br /> &lt;nowiki&gt;# use semanage command to manage system users to change the file_context&lt;/nowiki&gt;<br /> &lt;nowiki&gt;#&lt;/nowiki&gt;<br /> &lt;nowiki&gt;# Home Context for user user_u&lt;/nowiki&gt;<br /> <br /> /home/.+ system_u:object_r:user_home_t<br /> /home/\.ircmotd -- system_u:object_r:user_irc_home_t<br /> /home/lost\+found/.* &lt;nowiki&gt;&lt;&lt;none&gt;&gt;&lt;/nowiki&gt;<br /> /home/\.config/gtk-.* system_u:object_r:gnome_home_t<br /> <br /> &lt;nowiki&gt;# Home Context for user root&lt;/nowiki&gt;<br /> /root/.+ system_u:object_r:user_home_t<br /> /root/\.ircmotd -- system_u:object_r:user_irc_home_t<br /> /root/lost\+found/.* &lt;nowiki&gt;&lt;&lt;none&gt;&gt;&lt;/nowiki&gt;<br /> /root/\.config/gtk-.* system_u:object_r:gnome_home_t<br /> &lt;/pre&gt;<br /> <br /> == netfilter_contexts &amp; netfilter.local File ==<br /> These files do not seem to be used at present. 
There is code to produce a netfilter_contexts file for use by the GNU/Linux iptables service (This uses SECMARK labeling that has been utilised by SELinux) in the Reference Policy that would generate a file similar to the example below, however there seems much debate on how they should be managed (see [https://bugzilla.redhat.com/show_bug.cgi?id=201573 bug 201573 - Secmark iptables integration] for details).<br /> <br /> '''Example netfilter_contexts contents:'''<br /> &lt;pre&gt;<br /> &lt;nowiki&gt;# This is an example that would be generated by the Reference &lt;/nowiki&gt;<br /> &lt;nowiki&gt;# Policy, however seems on hold.&lt;/nowiki&gt;<br /> <br /> &lt;nowiki&gt;# This is the standard iptables header:&lt;/nowiki&gt;<br /> &lt;nowiki&gt;*mangle&lt;/nowiki&gt;<br /> <br /> &lt;nowiki&gt;:PREROUTING ACCEPT [0:0]&lt;/nowiki&gt;<br /> &lt;nowiki&gt;:INPUT ACCEPT [0:0]&lt;/nowiki&gt;<br /> &lt;nowiki&gt;:FORWARD ACCEPT [0:0]&lt;/nowiki&gt;<br /> &lt;nowiki&gt;:OUTPUT ACCEPT [0:0]&lt;/nowiki&gt;<br /> &lt;nowiki&gt;:POSTROUTING ACCEPT [0:0]&lt;/nowiki&gt;<br /> &lt;nowiki&gt;:selinux_input - [0:0]&lt;/nowiki&gt;<br /> &lt;nowiki&gt;:selinux_output - [0:0]&lt;/nowiki&gt;<br /> &lt;nowiki&gt;:selinux_new_input - [0:0]&lt;/nowiki&gt;<br /> &lt;nowiki&gt;:selinux_new_output - [0:0]&lt;/nowiki&gt;<br /> -A INPUT -j selinux_input<br /> -A OUTPUT -j selinux_output<br /> -A selinux_input -m state --state NEW -j selinux_new_input<br /> -A selinux_input -m state --state RELATED,ESTABLISHED -j CONNSECMARK --restore<br /> -A selinux_output -m state --state NEW -j selinux_new_output<br /> -A selinux_output -m state --state RELATED,ESTABLISHED -j CONNSECMARK --restore<br /> -A selinux_new_input -j SECMARK --selctx system_u:object_r:server_packet_t:s0<br /> <br /> &lt;nowiki&gt;# These entries are built from the ports defined in the policy:&lt;/nowiki&gt;<br /> -A selinux_new_input -p udp --dport 7007 -j SECMARK --selctx system_u:object_r:afs_bos_server_packet_t:s0<br /> -A 
selinux_new_input -p tcp --dport 2040 -j SECMARK --selctx system_u:object_r:afs_fs_server_packet_t:s0<br /> -A selinux_new_input -p udp --dport 7000 -j SECMARK --selctx system_u:object_r:afs_fs_server_packet_t:s0<br /> -A selinux_new_input -p udp --dport 7005 -j SECMARK --selctx system_u:object_r:afs_fs_server_packet_t:s0<br /> .....<br /> .....<br /> &lt;nowiki&gt;# This is the standard iptables trailer:&lt;/nowiki&gt;<br /> -A selinux_new_input -j CONNSECMARK --save<br /> -A selinux_new_input -j RETURN<br /> -A selinux_new_output -j CONNSECMARK --save<br /> -A selinux_new_output -j RETURN<br /> COMMIT<br /> &lt;/pre&gt;<br /> <br /> == policy.kern File ==<br /> This is the binary policy file built by either the semanage or semodule process (depending on the configuration action), that is then copied as the ./policy/policy.[ver] binary policy that will be loaded into the kernel.<br /> <br /> == seusers.final and seusers Files ==<br /> The seusers.final file maps GNU / Linux users to SELinux users and becomes the policies seusers file as discussed in the ./seusers section. (Many seusers make confusion: The ./modules/active/seusers file is used to hold initial seusers entries, the ./modules/active/seusers.final file holds the complete entries that then becomes the policy ./seusers file). The seusers.final file is built or modified when:<br /> <br /> * Building a policy where an optional seusers file has been included in the base package via the semodule_package(8) command (signified by the -s flag) as follows (The Reference Policy Makefile 'Rules.modular' script uses this method to install the initial seusers file):<br /> &lt;pre&gt;<br /> semodule_package -o base.pp -m base.mod -s seusers ... 
<br /> &lt;/pre&gt;<br /> <br /> The seusers file would be extracted by the subsequent semodule command when building the policy to produce the seusers.final file.<br /> <br /> * The semanage login command is used to map GNU / Linux users to SELinux users as follows:<br /> &lt;pre&gt;<br /> semanage login -a -s staff_u rch <br /> &lt;/pre&gt;<br /> <br /> This action will update the seusers file that would then be used to produce the seusers.final file with both policy and locally defined user mapping. <br /> <br /> '''The format of the seusers.final &amp; seusers files are as follows:'''<br /> &lt;pre&gt;<br /> &lt;nowiki&gt;user_id:seuser_id [:range]&lt;/nowiki&gt;<br /> &lt;/pre&gt;<br /> <br /> '''Where:'''<br /> {| border=&quot;1&quot;<br /> | | user_id<br /> | | The GNU / Linux user identity.<br /> <br /> |-<br /> | | seuser_id<br /> | | The SELinux user identity.<br /> <br /> |-<br /> | | range<br /> | | The optional range as defined in the MLS range definition section.<br /> <br /> |}<br /> <br /> <br /> '''Example seusers.final file contents:'''<br /> &lt;pre&gt;<br /> &lt;nowiki&gt;# &lt;/nowiki&gt;./modules/active/seusers.final<br /> <br /> system_u:system_u<br /> root:root<br /> __default__:user_u<br /> &lt;/pre&gt;<br /> <br /> '''Example semanage login command to add a GNU / Linux user mapping:'''<br /> &lt;pre&gt;<br /> &lt;nowiki&gt;# This command will add the &lt;/nowiki&gt;rch:user_u entry in the seusers file: <br /> <br /> semanage login -a -s user_u rch<br /> &lt;/pre&gt;<br /> <br /> '''The resulting seusers file would be:'''<br /> &lt;pre&gt;<br /> &lt;nowiki&gt;# &lt;/nowiki&gt;./modules/active/seusers<br /> <br /> rch:user_u<br /> &lt;/pre&gt;<br /> '''The seusers.final file that will become the &lt;nowiki&gt;./&lt;policy_name&gt;/seusers&lt;/nowiki&gt; file is as follows:'''<br /> &lt;pre&gt;<br /> &lt;nowiki&gt;# &lt;/nowiki&gt;./modules/active/seusers.final<br /> <br /> system_u:system_u<br /> root:root<br /> __default__:user_u<br /> 
rch:user_u<br /> &lt;/pre&gt;<br /> <br /> <br /> == users_extra, users_extra.local and users.local Files ==<br /> These three files work together to describe SELinux user information as follows:<br /> <br /> * The users_extra and users_extra.local files are used to map a prefix to users' home directories as discussed in the ./modules/active/file_contexts.template file section, where it is used to replace the ROLE keyword. The prefix is linked to an SELinux user id and should reflect the user's role. The semanage user command will allow a prefix to be added via the -P flag. <br /> <br /> The users_extra file contains all the policy prefix entries, and the users_extra.local file contains those generated by the semanage user command.<br /> <br /> The users_extra file can optionally be included in the base package via the semodule_package(8) command (signified by the -u flag) as follows (The Reference Policy Makefile 'Rules.modular' script uses this method to install the initial users_extra file):<br /> &lt;pre&gt;<br /> semodule_package -o base.pp -m base.mod -u users_extra ... <br /> &lt;/pre&gt;<br /> <br /> The users_extra file would then be extracted by a subsequent semodule command when building the policy.<br /> <br /> * The users.local file is used to add new SELinux users to the policy without editing the policy source itself (with each line in the file following a user policy language statement). This is useful when only the Reference Policy headers are installed and additional users need to be added. The semanage user command will allow a new SELinux user to be added that would generate the users.local file and if a -P flag has been specified, then a users_extra.local file is also generated (note: if this is a new SELinux user and a prefix is not specified a default prefix of user is generated). 
<br /> <br /> The sections that follow will:<br /> <br /> * Define the format and show example users_extra and users_extra.local files.<br /> * Execute an semanage user command that will add a new SELinux user and associated prefix, and show the resulting users_extra, users_extra.local and users.local files. <br /> <br /> Note that each line of the users.local file contains a user statement that is defined in the policy language user Statement section, and will be built into the policy via the semanage command.<br /> <br /> '''The format of the users_extra &amp; users_extra.local files are as follows:'''<br /> &lt;pre&gt;<br /> user seuser_id prefix prefix_id;<br /> &lt;/pre&gt;<br /> <br /> '''Where:'''<br /> {| border=&quot;1&quot;<br /> | | user<br /> | | The user keyword.<br /> <br /> |-<br /> | | seuser_id<br /> | | The SELinux user identity.<br /> <br /> |-<br /> | | prefix<br /> | | The prefix keyword.<br /> <br /> |-<br /> | | prefix_id<br /> | | An identifier that will be used to replace the ROLE keyword within the ./modules/active/homedir_template file when building the ./modules/active/file_contexts.homedirs file for the relabeling utilities to set the security context on users home directories.<br /> <br /> |}<br /> <br /> <br /> '''Example users_extra file contents:'''<br /> &lt;pre&gt;<br /> &lt;nowiki&gt;# &lt;/nowiki&gt;./modules/active/users_extra entries, note that the <br /> &lt;nowiki&gt;# &lt;/nowiki&gt;users_extra.local file contents are similar and generated by <br /> &lt;nowiki&gt;# the semanage user command.&lt;/nowiki&gt;<br /> <br /> user user_u prefix user;<br /> user staff_u prefix user;<br /> user sysadm_u prefix user;<br /> user root prefix user;<br /> &lt;/pre&gt;<br /> <br /> '''Example semanage user command to add a new SELinux user:'''<br /> &lt;pre&gt;<br /> &lt;nowiki&gt;# This command will add the &lt;/nowiki&gt;user test_u prefix staff entry in <br /> &lt;nowiki&gt;# the users_extra.local file: &lt;/nowiki&gt;<br /> <br /> 
semanage user -a -R staff_r -P staff test_u<br /> &lt;/pre&gt;<br /> <br /> '''The resulting users_extra.local file is as follows:'''<br /> &lt;pre&gt;<br /> &lt;nowiki&gt;# &lt;/nowiki&gt;./modules/active/users_extra.local<br /> <br /> user test_u prefix staff;<br /> &lt;/pre&gt;<br /> <br /> '''The resulting users_extra file is as follows:'''<br /> &lt;pre&gt;<br /> &lt;nowiki&gt;# &lt;/nowiki&gt;./modules/active/users_extra<br /> <br /> user user_u prefix user;<br /> user staff_u prefix user;<br /> user sysadm_u prefix user;<br /> user root prefix user;<br /> user test_u prefix staff;<br /> &lt;/pre&gt;<br /> <br /> '''The resulting users.local file is as follows:'''<br /> &lt;pre&gt;<br /> &lt;nowiki&gt;# &lt;/nowiki&gt;./modules/active/users.local file entry:<br /> <br /> user test_u roles { staff_r } level s0 range s0;<br /> &lt;/pre&gt;<br /> <br /> == booleans.local File ==<br /> This file is created and updated by the semanage boolean command and holds boolean value as requested. It should be noted that instead of using this file, the command allows a different file to be specified (see the semanage man page).<br /> <br /> '''Example semanage boolean command to modify a boolean value:'''<br /> &lt;pre&gt;<br /> &lt;nowiki&gt;# This command will add an entry in the booleans.local &lt;/nowiki&gt;<br /> &lt;nowiki&gt;# file and set the boolean value to off: &lt;/nowiki&gt;<br /> <br /> semanage boolean -m -0 ext_gateway_audit <br /> &lt;/pre&gt;<br /> <br /> '''The resulting booleans.local file would be:'''<br /> &lt;pre&gt;<br /> &lt;nowiki&gt;# &lt;/nowiki&gt;./modules/active/booleans.local<br /> <br /> ext_gateway_audit=0<br /> &lt;/pre&gt;<br /> <br /> == file_contexts.local File ==<br /> This file is created and updated by the semanage fcontext command. It is used to hold file context information on files and directories that were not delivered by the core policy (i.e. 
they are not defined in any of the &lt;nowiki&gt;*.fc&lt;/nowiki&gt; files delivered in the base and loadable modules).<br /> <br /> The semanage command will add the information to the policy store's file_contexts.local file and then copy this file to the ./contexts/files/file_contexts.local file, where it will be used when the file context utilities are run.<br /> <br /> The format of the file_contexts.local file is the same as the ./modules/active/file_contexts.template file.<br /> <br /> '''Example semanage fcontext command to add a new entry:'''<br /> &lt;pre&gt;<br /> &lt;nowiki&gt;# This command will add an entry in the file_contexts.local &lt;/nowiki&gt;<br /> &lt;nowiki&gt;# file: &lt;/nowiki&gt;<br /> <br /> semanage fcontext -a -t user_t /usr/move_file<br /> <br /> &lt;nowiki&gt;# &lt;/nowiki&gt;Note that the type (-t flag) must exist in the policy <br /> &lt;nowiki&gt;# otherwise the command will fail.&lt;/nowiki&gt;<br /> &lt;/pre&gt;<br /> <br /> '''The resulting file_contexts.local file would be:'''<br /> &lt;pre&gt;<br /> &lt;nowiki&gt;# &lt;/nowiki&gt;./modules/active/file_contexts.local<br /> <br /> /usr/move_file system_u:object_r:user_t<br /> &lt;/pre&gt;<br /> <br /> <br /> == interfaces.local File ==<br /> This file is created and updated by the semanage interface command to hold network interface information that was not delivered by the core policy (i.e. they are not defined in the base.conf file). The new interface information is then built into the policy by the semanage process.<br /> <br /> Each line of the file contains a netifcon statement that is defined along with examples in the netifcon Statement section.<br /> <br /> == nodes.local File ==<br /> This file is created and updated by the semanage node command to hold network address information that was not delivered by the core policy (i.e. they are not defined in the base.conf file). 
The new node information is then built into the policy by the semanage process.<br /> <br /> Each line of the file contains a nodecon statement that is defined along with examples in the policy language nodecon Statement section.<br /> <br /> == ports.local File ==<br /> This file is created and updated by the semanage port command to hold network port information that was not delivered by the core policy (i.e. they are not defined in base.conf file). The new port information is then built into the policy by the semanage process.<br /> <br /> Each line of the file contains a portcon statement that is defined along with examples in the policy language portcon Statement section.<br /> <br /> == modules Directory Contents ==<br /> This directory contains the loadable modules (&lt;nowiki&gt;&lt;module_name&gt;.pp&lt;/nowiki&gt;) that have been packaged by the semodule_package command and placed in the store by the semodule command as shown in the following example:<br /> &lt;pre&gt;<br /> &lt;nowiki&gt;# Package the module &lt;/nowiki&gt;''move_file_c'':<br /> <br /> semodule_package -o move_file_c.pp -m move_file_c.mod -f move_file.fc <br /> <br /> &lt;nowiki&gt;# Then to install it in the store (at /etc/selinux/modular-test/&lt;/nowiki&gt;<br /> &lt;nowiki&gt;# modules/active/modules/move_file_c.pp) and build the binary &lt;/nowiki&gt;<br /> &lt;nowiki&gt;# policy file, run the semodule command:&lt;/nowiki&gt;<br /> <br /> semodule -v -s modular-test -i move_file_c.pp<br /> &lt;/pre&gt;</div> Wed, 02 Dec 2009 14:30:52 GMT RichardHaines http://selinuxproject.org/page/Talk:PolicyStoreConfigurationFiles
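The split of file_contexts.template into homedir_template and file_contexts, and the later keyword replacement that produces file_contexts.homedirs, can be traced with the short Python model below. It is an added illustration, not code from the SELinux project or from libsemanage: the function names, the constructed user (home directory /home/rch, SELinux user group1_u) and the plain literal substitution of HOME_ROOT, HOME_DIR and ROLE are assumptions based only on the format and keyword tables in the "New page" text above.

```python
"""Model of the file_contexts.template processing described on the page.
Added example; all function names here are hypothetical."""
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# file_type options listed in the page's format table.
FILE_TYPES = {"-b", "-c", "-d", "-p", "-l", "-s", "--"}
HOME_KEYWORDS = ("HOME_ROOT", "HOME_DIR")

# Constructed sample input, using entries quoted on the page.
TEMPLATE = r"""
# ./modules/active/file_contexts.template (constructed subset)
/.* system_u:object_r:default_t
/a?quota\.(user|group) -- system_u:object_r:quota_db_t
HOME_DIR/.+ system_u:object_r:user_home_t
/tmp/gconfd-USER/.* -- system_u:object_r:gconf_tmp_t
HOME_DIR/\.ircmotd -- system_u:object_r:ROLE_irc_home_t
HOME_ROOT/lost\+found/.* <<none>>
HOME_DIR/\.config/gtk-.* system_u:object_r:gnome_home_t
"""

USERS_EXTRA = """
user user_u prefix user;
user staff_u prefix staff;
user group1_u prefix group1;
"""


class Entry(NamedTuple):
    regexp: str               # pathname_regexp
    file_type: Optional[str]  # optional file_type field
    context: str              # opt_security_context or <<none>>


def parse_entries(text: str) -> List[Entry]:
    """Parse 'regexp [file_type] context' lines, skipping '#' comments."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) == 2:
            entries.append(Entry(fields[0], None, fields[1]))
        elif len(fields) == 3 and fields[1] in FILE_TYPES:
            entries.append(Entry(*fields))
        else:
            raise ValueError(f"line {lineno}: malformed entry: {raw!r}")
    return entries


def split_template(entries: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Lines with HOME_ROOT or HOME_DIR go to homedir_template; all other
    lines (including those with USER) go to file_contexts."""
    homedir, plain = [], []
    for e in entries:
        target = homedir if any(k in e.regexp for k in HOME_KEYWORDS) else plain
        target.append(e)
    return homedir, plain


def parse_users_extra(text: str) -> Dict[str, str]:
    """Map seuser_id -> prefix_id from 'user X prefix Y;' lines."""
    prefixes = {}
    for line in text.splitlines():
        m = re.fullmatch(r"user\s+(\S+)\s+prefix\s+(\S+);", line.strip())
        if m:
            prefixes[m.group(1)] = m.group(2)
    return prefixes


def expand_homedirs(template: List[Entry], home_root: str,
                    home_dir: str, prefix: str) -> List[Entry]:
    """Literal keyword replacement (an assumption of this model): HOME_ROOT
    and HOME_DIR in the pathname, ROLE in the security context."""
    out = []
    for e in template:
        regexp = e.regexp.replace("HOME_ROOT", home_root)
        regexp = regexp.replace("HOME_DIR", home_dir)
        out.append(Entry(regexp, e.file_type, e.context.replace("ROLE", prefix)))
    return out


def format_entry(e: Entry) -> str:
    """Render an entry back to the one-line file format."""
    return " ".join(f for f in e if f is not None)


def demo() -> List[str]:
    """Build homedirs lines for the constructed user mapped to group1_u."""
    homedir_template, _ = split_template(parse_entries(TEMPLATE))
    prefix = parse_users_extra(USERS_EXTRA)["group1_u"]
    expanded = expand_homedirs(homedir_template, "/home", "/home/rch", prefix)
    return [format_entry(e) for e in expanded]


if __name__ == "__main__":
    print("\n".join(demo()))
```

The /tmp/gconfd-USER/.* entry stays in the file_contexts half with USER untouched, matching the page's statement that USER is only replaced when the file labeling utilities run.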