SIDStatements
Security ID (SID) Statement
There are two SID statements, the first one declares the actual SID identifier and is defined at the start of a policy source file. The second statement is used to associate an initial security context to the SID, this is used when SELinux initialises but the policy has not yet been activated or as a default context should an object have an invalid label.
sid
The sid statement declares the SID identifier and is defined at the start of a policy source file.
The statement definition is:
sid sid_id
Where:
sid | The sid keyword. |
sid_id | The sid identifier. |
The statement is valid in:
|
|
|
|
|
|
|
|
|
Example:
This example has been taken from the Reference Policy source ./policy/flask/initial_sids file.
sid kernel sid security sid unlabeled sid fs
sid context
The sid context statement is used to associate an initial security context to the SID.
sid sid_id context
Where:
sid | The sid keyword. |
sid_id | The previously declared sid identifier. |
context | The initial security context. |
The statements are valid in:
|
|
|
|
|
|
|
|
|
Examples:
# This is from a targeted policy: sid unlabeled ... sid unlabeled system_u:object_r:unlabeled_t
# This is from an MLS policy. Note that the security level is set # to SystemHigh as it may need to label any object in the system. sid unlabeled ... sid unlabeled system_u:object_r:unlabeled_t:s15:c0.c255
Previous | |
|