Jaxelson: /* Security ID (SID) Statement */ added a link for security context

2010-09-10T22:25:01Z

Security ID (SID) Statement - added a link for security context

←Older revision		Revision as of 22:25, 10 September 2010
Line 1:		Line 1:
	= Security ID (SID) Statement =		= Security ID (SID) Statement =
-	There are two SID statements, the first one declares the actual SID identifier and is defined at the start of a policy source file. The second statement is used to add an initial security context to the SID that is used when SELinux initialises or as a default if an object is not labeled correctly. The Building a Basic Policy section shows their usage.	+	There are two SID statements, the first one declares the actual SID identifier and is defined at the start of a policy source file. The second statement is used to add an initial [[security context]] to the SID that is used when SELinux initialises or as a default if an object is not labeled correctly. The Building a Basic Policy section shows their usage.

	== sid Statement ==		== sid Statement ==

RichardHaines: New page: = Security ID (SID) Statement = There are two SID statements, the first one declares the actual SID identifier and is defined at the start of a policy source file. The second statement is ...

2009-11-30T14:52:06Z

New page: = Security ID (SID) Statement = There are two SID statements, the first one declares the actual SID identifier and is defined at the start of a policy source file. The second statement is ...

New page

= Security ID (SID) Statement =
There are two SID statements, the first one declares the actual SID identifier and is defined at the start of a policy source file. The second statement is used to add an initial security context to the SID that is used when SELinux initialises or as a default if an object is not labeled correctly. The Building a Basic Policy section shows their usage.

== sid Statement ==
The sid statement declares the actual SID identifier and is defined at the start of a policy source file.

'''The statement definition is:'''
<pre>
sid sid_id
</pre>

'''Where:'''
{|border="1"
|sid
|The sid keyword.

|-
|sid_id
|The sid identifier. Note that there is no terminating '<nowiki>;</nowiki>'.

|}

'''The statement is valid in:'''
{|border="1"
|<center>'''Monolithic Policy'''</center>
|<center>'''Base Policy'''</center>
|<center>'''Module Policy'''</center>

|-
|<center>Yes</center>
|<center>Yes</center>
|<center>No</center>

|-
|<center>'''Conditional Policy (if) Statement'''</center>
|<center>'''optional Statement'''</center>
|<center>'''require Statement'''</center>

|-
|<center>No</center>
|<center>No</center>
|<center>No</center>

|}

'''Example:'''
This example has been taken from the Reference Policy source ../policy/flask/initial_sids file.
<pre>
<nowiki># This example was taken from the</nowiki>
<nowiki># ./policy/flask/initial_sids file and </nowiki>declares some
<nowiki># of the initial SIDs:</nowiki>
<nowiki>#</nowiki>

sid kernel
sid security
sid unlabeled
sid fs
</pre>

== sid context Statement ==
The sid context statement is used to add an initial security context to the SID that is used when SELinux initialises, or as a default if an object is not labeled correctly.
<pre>
sid sid_id context
</pre>

'''Where:'''
{|border="1"
|sid
|The sid keyword.

|-
|sid_id
|The previously declared sid identifier.

|-
|context
|The initial security context associated with the SID. Note that there is no terminating '<nowiki>;</nowiki>'.

|}

'''The statements are valid in:'''
{|border="1"
|<center>'''Monolithic Policy'''</center>
|<center>'''Base Policy'''</center>
|<center>'''Module Policy'''</center>

|-
|<center>Yes</center>
|<center>Yes</center>
|<center>No</center>

|-
|<center>'''Conditional Policy (if) Statement'''</center>
|<center>'''optional Statement'''</center>
|<center>'''require Statement'''</center>

|-
|<center>No</center>
|<center>No</center>
|<center>No</center>

|}

'''Examples:'''
<pre>
<nowiki># These statements add an initial security context to an object </nowiki>
<nowiki># that is used when SELinux initialises or as a default if a</nowiki>
<nowiki># context is not available or labeled incorrectly. </nowiki>
<nowiki>#</nowiki>
<nowiki># This one is from a targeted policy:</nowiki>

sid unlabeled system_u:object_r:unlabeled_t

<nowiki># This one is from an MLS policy. Note that the security level is</nowiki>
<nowiki># set to SystemHigh as it may need to label any object in the</nowiki>
<nowiki># system.</nowiki>

sid unlabeled system_u:object_r:unlabeled_t:s15:c0.c255
</pre>

SIDStatements - Revision history

Jaxelson: /* Security ID (SID) Statement */ added a link for security context

RichardHaines: New page: = Security ID (SID) Statement = There are two SID statements, the first one declares the actual SID identifier and is defined at the start of a policy source file. The second statement is ...