Symbols
- ! (logical negation), used in conditional expressions, Conditional Declarations
- != (logical inequality), used in conditional expressions, Conditional Declarations
- && (logical AND), used in conditional expressions, Conditional Declarations
- * (asterisk), special notation for specifying types/classes/permissions, Special notations for types, classes, and permissions
- - (minus sign), special notation for specifying types/classes/permissions, Special notations for types, classes, and permissions
- 0-day vulnerabilities and patch
cycles, The Patch Cycle and the 0-Day Problem, Protecting Against 0-Days
- Malicious Mobile Code, Active content and mobile code
- == (logical equality), used in conditional expressions, Conditional Declarations
- ^ (logical exclusive OR), used in conditional expressions, Conditional Declarations
- || (logical OR), used in conditional expressions, Conditional Declarations
- ~ (tilde), special notation for specifying types/classes/permissions, Special notations for types, classes, and permissions
A
- accept
operation, SELinux Operations
- acceptfrom
operation, SELinux Operations
- access controls,
discretionary/mandatory, Discretionary and Mandatory Access Control
- access
decisions, Access Decisions, Access Decisions
- access vector cache (AVC), Access Decisions
- access
vectors, Access Decisions
- TE access-vector
declarations, TE Access-Vector Declarations, Macros that specify and authorize transitions
- access-control lists (ACLs), protecting
memory with, Access-control lists
- access-vector rules
- authorizing transitions
with, Macros that specify and authorize transitions
- restrictions imposed on, by constraint
declarations, Constraint Declarations
- syntax
of, TE Access-Vector Declarations
- access_vectors file in flask
subdirectory, The flask/access_vectors file, Syntax of access_vectors
- access_vectors policy
element, SELinux Policy Syntax, Review of SELinux Policy Syntax
- ACLs
(access-control lists), protecting memory
with, Access-control lists
- actions performed by
subjects, Subjects and Objects
- active content,
contributing to software threats, Active content and mobile code
- Add button (Seuserx
window), Seuserx
- adding user
accounts, Adding Users, Setting user passwords, Adding an Ordinary User
- Address Space Layout Randomization
(ASLR), SELinux History
- adduser
command, Installing SELinux to a fresh Gentoo system
- add_name
operation, SELinux Operations
- admin type attribute, SELinux Type Attributes
- admin.te file, The domains Subdirectory, The SELinux Policy Source Tree
- admin_domain macro, SELinux Macros Defined in src/policy/macros
- admin_macros.te file, The macros Subdirectory, The SELinux Policy Source Tree
- Advanced button (Seuserx
window), Seuserx
- agp_device_t type, SELinux General Types
- aliases for type names, defining with type
declarations, Type Declarations, Type-Alias Declarations
- allow access
vector, Access Decisions, TE Access-Vector Declarations
- conditional declarations
and, Conditional Declarations, Allowing a User Access to an Existing Domain
- sample
declaration, TE Access-Vector Declarations
- allow lines in snort.te
file, The allow lines
- allow
statements, governing role transitions, The SELinux Role-Based Access Control Model, Role Allow Declarations
- allow_user_direct_mouse macro, Tuning via macros
- allow_user_dmesg macro, Tuning via macros
- allow_user_tcp_server macro, Tuning via macros
- allow_xserver_home_fonts macro, Tuning via macros
- allow_ypbind macro, Tuning via macros
- alternatives to
SELinux, SELinux Components and Linux Security Modules (LSM)
- Analysis tab (Apol
window), Apol, Analysis, Analysis
- any_socket_t type, SELinux General Types
- Apache OpenSSL attack, Privilege Escalation, Applications of SELinux
- apm_bios_t type, SELinux General Types
- Apol tool, Supplementary SELinux tools, Apol, Analysis
- appconfig
subdirectory, Two Forms of an SELinux Policy, The SELinux Policy Source Tree
- files
in, The appconfig Subdirectory
- append
directive, Setting the initial operating mode
- append
operation, SELinux Operations
- append_logdir_domain macro, SELinux Macros Defined in src/policy/macros
- append_log_domain macro, SELinux Macros Defined in src/policy/macros
- applications of
SELinux, Applications of SELinux
- application_domain macro, SELinux Macros Defined in src/policy/macros
- apt-get
command, Debian GNU/Linux
- architecture of
SELinux, SELinux Architecture, References
- ASLR (Address Space
Layout Randomization), SELinux History
- assert.te file, The Policy Source Directory, The SELinux Policy Source Tree
- associate
operation, SELinux Operations
- attrib.te file, The Policy Source Directory, The SELinux Policy Source Tree
- type attributes defined
in, Attribute Declarations
- attribute declarations
(attribute_def), Attribute Declarations
- at_spool_t type, SELinux General Types
- audit
trails, monitoring attacks with, Logging and auditing
- Audit2allow
utility, The Audit2allow Utility, Using Audit2allow, Using Audit2allow
- auditallow
access vector, Access Decisions, TE Access-Vector Declarations
- conditional declarations
and, Conditional Declarations
- sample declaration, TE Access-Vector Declarations
- auditdeny access
vector, TE Access-Vector Declarations
- conditional declarations
and, Conditional Declarations
- sample declaration, TE Access-Vector Declarations
- auth type attribute, SELinux Type Attributes
- auth-net domain (domains/misc
subdirectory), The domains Subdirectory
- auth_chkpwd type attribute, SELinux Type Attributes
- auth_write type attribute, SELinux Type Attributes
- AVC (access vector
cache), Access Decisions
- avc_enforcing
command, SELinux commands, Dynamically setting the operating mode
- avc_toggle command, SELinux commands, Dynamically setting the operating mode, SELinux Operations
- av_permissions.h
file, The flask/access_vectors file
B
- base_file_read_access macro, SELinux Macros Defined in src/policy/macros
- base_pty_perms macro, SELinux Macros Defined in src/policy/macros
- base_user_domain macro, SELinux Macros Defined in src/policy/macros
- base_user_macros.te
file, The macros Subdirectory, The SELinux Policy Source Tree
- bdev_t type, SELinux General Types
- bdflush
operation, SELinux Operations
- Bell,
David, SELinux History
- binary policy files, creating with checkpolicy
command, The SELinux policy compiler (checkpolicy), Two Forms of an SELinux Policy
- bind
operation, SELinux Operations
- bin_t type, SELinux General Types
- blk_file (object security class), Subjects and Objects, Security Object Classes
- Boolean declarations
(bool_def), Boolean Declarations
- Booleans
- setting via SELinux
filesystem, Setting Booleans via the /selinux filesystem
- tuning SELinux
via, Tuning via policy Booleans
- Booleans tab (Apol
window), Policy components
- boot
parameters and setting initial operating
mode, Setting the initial operating mode
- boot problems,
troubleshooting, Boot Problems
- boot time, disabling
SELinux at, Disabling SELinux at boot time
- boot_runtime_t type, SELinux General Types
- boot_t type, SELinux General Types
- Browse Policy tab (Sepcut
window), Sepcut
- buffer overflow attacks, detecting with stack
canaries, Memory protection
C
- cache of log entries in
SELinux, SELinux Logging Subtleties
- can_create_other_pty macro, SELinux Macros Defined in src/policy/macros
- can_create_pty macro, SELinux Macros Defined in src/policy/macros
- can_exec macro, SELinux Macros Defined in src/policy/macros
- can_exec_any macro, SELinux Macros Defined in src/policy/macros
- can_getcon macro, SELinux Macros Defined in src/policy/macros
- can_getsecurity macro, SELinux Macros Defined in src/policy/macros
- can_loadpol macro, SELinux Macros Defined in src/policy/macros
- can_network
macro, Macro invocations, Examining a Sample Policy, SELinux Macros Defined in src/policy/macros
- Audit2allow utility
and, Using Audit2allow
- can_ps macro, SELinux Macros Defined in src/policy/macros
- can_ptrace macro, SELinux Macros Defined in src/policy/macros
- can_setbool macro, SELinux Macros Defined in src/policy/macros
- can_setenforce macro, SELinux Macros Defined in src/policy/macros
- can_setexec macro, SELinux Macros Defined in src/policy/macros
- can_setfscreate macro, SELinux Macros Defined in src/policy/macros
- can_sysctl macro, SELinux Macros Defined in src/policy/macros
- can_tcp_connect macro, SELinux Macros Defined in src/policy/macros
- can_udp_send macro, SELinux Macros Defined in src/policy/macros
- can_unix_connect macro, SELinux Macros Defined in src/policy/macros
- can_unix_send macro, SELinux Macros Defined in src/policy/macros
- can_ypbind
macro, Examining a Sample Policy
- capability (object security class), Subjects and Objects, Security Object Classes
- catman_t type, SELinux General Types
- CERT/CC
(Computer Emergency Response Team Coordination
Center), Software Threats and the Internet
- ChangeLog file, The Policy Source Directory
- change_bool command, Tuning via policy Booleans
- change_sid
operation, SELinux Operations
- chcon utility, SELinux commands
- labeling/relabeling
filesystems, The chcon utility
- checkpolicy command, SELinux commands, The SELinux policy compiler (checkpolicy), Two Forms of an SELinux Policy
- check_context
operation, SELinux Operations
- chfn
operation, SELinux Operations
- child and
parent processes, Transition Decisions, The SELinux Type-Enforcement Model
- chmod
command, Access-control lists
- chown
operation, SELinux Operations
- chroot
command, Sandboxes
- chr_file (object security class), Subjects and Objects, Security Object Classes
- chsh
operation, SELinux Operations
- cifs_t type, SELinux General Types
- class name M4 macros, Transition Declarations
- classes of
objects, Subjects and Objects, Security Object Classes
- classes policy
element, SELinux Policy Syntax, Review of SELinux Policy Syntax
- classes, special notations
for, Special notations for types, classes, and permissions, Special notations for types, classes, and permissions
- Classes/Perms tab (Apol
window), Policy components
- clean Makefile target, Using the SELinux Makefile
- clock_device_t type, SELinux General Types
- Coker,
Russell, SELinux History, Debian GNU/Linux
- comments,
prefixing with dnl (do not
list), Tuning via macros, User Declarations, Adding an Ordinary User
- common
declaration, Syntax of access_vectors
- complementation (special
notation), Special notations for types, classes, and permissions
- Computer Emergency Response Team Coordination
Center (CERT/CC), Software Threats and the Internet
- compute_av
operation, SELinux Operations
- compute_create
operation, SELinux Operations
- compute_member
operation, SELinux Operations
- compute_relabel
operation, SELinux Operations
- compute_user
operation, SELinux Operations
- conditional declarations
(cond_stmt_def), Conditional Declarations, Conditional Declarations
- Conditional Expressions tab (Apol
window), Policy rules
- connect
operation, SELinux Operations
- connectto
operation, SELinux Operations
- console_device_t type, SELinux General Types
- constraint
declarations, Constraint Declarations, Constraint Declarations
- special tokens used in, Constraint Declarations
- constraints file, The Policy Source Directory, The SELinux Policy Source Tree
- constraint
declarations
in, Constraint Declarations
- constraints policy
element, SELinux Policy Syntax, Review of SELinux Policy Syntax
- context tokens in regular
expressions, The file_contexts Subdirectory
- context-related
declarations, Other Context-Related Declarations, Nodecon declarations
- syntax
of
- filesystem labeling
declarations, Syntax of Filesystem Labeling Declarations
- genfs
declarations, Syntax of Genfs Declarations
- initial SID context
declarations, Other Context-Related Declarations
- network
declarations, Syntax of Network Declarations, Nodecon declarations
- context_to_sid
operation, SELinux Operations
- COPYING file, The Policy Source Directory
- core_macros.te file, The macros Subdirectory, Special notations for types, classes, and permissions, The SELinux Policy Source Tree
- class name M4 macros, Transition Declarations
- Cowan,
Crispin, Memory protection
- cp command, Modified Linux commands and programs
- cpu_device_t type, SELinux General Types
- create
operation, SELinux Operations
- create_append_log_file macro, SELinux Macros Defined in src/policy/macros
- create_dir_file macro, SELinux Macros Defined in src/policy/macros
- create_dir_notdevfile macro, SELinux Macros Defined in src/policy/macros
- create_dir_perms macro, SELinux Macros Defined in src/policy/macros
- create_file_perms macro, SELinux Macros Defined in src/policy/macros
- create_msgq_perms macro, SELinux Macros Defined in src/policy/macros
- create_sem_perms macro, SELinux Macros Defined in src/policy/macros
- create_shm_perms macro, SELinux Macros Defined in src/policy/macros
- create_socket_perms macro, SELinux Macros Defined in src/policy/macros
- create_stream_socket_perms macro, SELinux Macros Defined in src/policy/macros
- cron program, Modified Linux commands and programs
- troubleshooting, Daemon Problems
- cron_spool_t type, SELinux General Types
- customizing roles, Customizing Roles
- cybercriminals, Active content and mobile code
- Cyrus IMAP daemon, role used
by, Customizing Roles
- cyrus_r role, Customizing Roles
D
- DAC (discretionary
access control), Discretionary and Mandatory Access Control
- vs. SELinux
MAC, Subjects and Objects
- dac_override
operation, SELinux Operations
- dac_read_search
operation, SELinux Operations
- daemons
- starting with run_con
command, Starting non-init daemons and programs
- starting/controlling, Starting and Controlling Daemons
- troubleshooting
problems with, Daemon Problems
- daemon_base_domain macro, SELinux Macros Defined in src/policy/macros
- daemon_core_rules macro, SELinux Macros Defined in src/policy/macros
- daemon_domain macro, SELinux Macros Defined in src/policy/macros
- daemon_sub_domain macro, SELinux Macros Defined in src/policy/macros
- date
command, Installing SELinux to a fresh Gentoo system
- dbus_client_domain type attribute, SELinux Type Attributes
- Debian
GNU/Linux
- demonstration
system, SELinux History
- installing SELinux
on, Debian GNU/Linux, Debian GNU/Linux
- Debian
Sid, Debian GNU/Linux, Debian GNU/Linux
- Debian
Woody, Debian GNU/Linux
- decisions made
by SELinux security servers, Access Decisions, Transition Decisions
- default
roles, assigning, How default roles are assigned
- default_contexts
file, How default roles are assigned, The appconfig Subdirectory
- default_context_t type, SELinux General Types
- default_t type, SELinux General Types
- default_type file, The appconfig Subdirectory
- defense by layers
principle, Protecting Against 0-Days
- defenses
- for hosts, Network and Host Defenses, Access-control lists
- for networks, Network and Host Defenses
- Delete button (Seuserx
window), Seuserx
- demo systems for SELinux, SELinux History
- denial-of-service
attacks, Privilege Escalation
- destroy
operation, SELinux Operations
- detecting
intrusions, Network intrusion detection and prevention systems
- devfile_class_set macro, Transition Declarations, SELinux Macros Defined in src/policy/macros
- devfs_control_t type, SELinux General Types
- device-related types, SELinux General Types
- device.te file, The types Subdirectory
- device_t type, SELinux General Types
- device_type type attribute, SELinux Type Attributes
- devlog_t
type, Type Declarations
- devpts (pseudoterminal
filesystem), Syntax of Filesystem Labeling Declarations
- devpts.te file, The types Subdirectory
- devtty_t type, SELinux General Types
- dgram_socket_class_set macro, Transition Declarations, SELinux Macros Defined in src/policy/macros
- dir (object security class), Subjects and Objects, Security Object Classes
- direct information flow
analysis, Analysis
- directory tree for SELinux
policy, Two Forms of an SELinux Policy, Two Forms of an SELinux Policy, The SELinux Policy Source Tree
- direct_sysadm_daemon macro, Tuning via macros, User Declarations, Adding a System Administrator
- dir_file_class_set macro, Transition Declarations, SELinux Macros Defined in src/policy/macros
- disabling SELinux at boot
time, Disabling SELinux at boot time
- discretionary access control
(DAC), Discretionary and Mandatory Access Control
- vs. SELinux MAC, Subjects and Objects
- dmesg
command, SELinux Logging Subtleties
- dnl (do not list) prefix for
comments, Tuning via macros, User Declarations, Adding an Ordinary User
- domain entry
points, The SELinux Type-Enforcement Model
- domain transition
analysis, Analysis
- domain
transitions, Transition Decisions
- domain type attribute, SELinux Type Attributes
- domains
- allowing access to
existing domains, Allowing a User Access to an Existing Domain
- creating
new, Creating a New Domain, Test and Revise the TE and FC Files as Needed
- entering, using role
statement, The SELinux Role-Based Access Control Model
- protecting memory
with, Sandboxes
- role type
declarations and, Role Type Declarations
- security
attributes, Security Contexts
- transitioning
to, How SELinux Works, Examining a Sample Policy
- what files are
related, Determine What Files Are Related to the Domain
- domains subdirectory, Two Forms of an SELinux Policy, The SELinux Policy Source Tree
- files/subdirectories
in, The domains Subdirectory
- domain_auto_trans
macro, Macros that specify and authorize transitions, Examining a Sample Policy, SELinux Macros Defined in src/policy/macros
- Audit2allow utility
and, Using Audit2allow
- creating new
domain, Test and Revise the TE and FC Files as Needed
- domain_trans
macro, Macros that specify and authorize transitions, SELinux Macros Defined in src/policy/macros
- dontaudit access
vector, Access Decisions, TE Access-Vector Declarations
- conditional declarations
and, Conditional Declarations
- sample
declaration, TE Access-Vector Declarations
- dosfs_t type, SELinux General Types
- dri_device_t type, SELinux General Types
- Dwerryhouse,
Paul, SUSE Linux
E
- enforce_dest
operation, SELinux Operations
- enforcing
mode, System Modes and SELinux Tuning
- booting system
into, Setting the initial operating mode
- curtailing
unnecessary logging, SELinux Logging Subtleties
- dynamically setting operating
mode, Dynamically setting the operating mode
- enqueue
operation, SELinux Operations
- entrypoint
operation, SELinux Operations
- escalating privileges, Privilege Escalation
- /etc/init.d
directory, Starting and Controlling Daemons
- /etc/passwd
program, Modified Linux commands and programs
- setting user
passwords, Setting user passwords
- /etc/shadow program, Modified Linux commands and programs
- setting user
passwords, Setting user passwords
- etcdir_domain macro, SELinux Macros Defined in src/policy/macros
- etc_aliases_t type, SELinux General Types
- etc_domain macro, SELinux Macros Defined in src/policy/macros
- etc_runtime_t type, SELinux General Types
- etc_t type, SELinux General Types
- etc_writer type attribute, SELinux Type Attributes
- eventpollfs_t type, SELinux General Types
- event_device_t type, SELinux General Types
- execute
operation, SELinux Operations
- execute_no_trans
operation, SELinux Operations
- exec_type type attribute, SELinux Type Attributes
- ext2/ext3 (Linux Ext2/Ext3
filesystems), Syntax of Filesystem Labeling Declarations
F
- faillog_t type, SELinux General Types
- failsafe_context file, The appconfig Subdirectory
- FC (file context)
files, The SELinux Security Policy
- adding permissions
to, Adding Permissions
- creating, Create a Basic FC File
- deleting conflicting
specifications, Delete Conflicting Specifications from Other FC Files
- manual installation by system
administrators, The domains Subdirectory
- testing/revising, Test and Revise the TE and FC Files as Needed, Test and Revise the TE and FC Files as Needed
- understanding how SELinux policy
operates, Anatomy of a Simple SELinux Policy Domain, The type line
- fcron domain (domains/misc
subdirectory), The domains Subdirectory
- fd (object security class), Subjects and Objects, Security Object Classes
- fdisk
command, Installing SELinux to a fresh Gentoo system
- features of
SELinux, SELinux Features, SELinux Components and Linux Security Modules (LSM)
- Fedora
Core, SELinux History
- demonstration
system, SELinux History
- Fedora Core
2
- automatic
transition to sysadm_r role, Using the Makefile to label or relabel filesystems
- Boolean
declarations, Boolean Declarations
- policy elements
and associated files in, SELinux Policy Syntax
- role transition allowed for system
administrators, Starting and Controlling Daemons, Role Transition Declarations
- sestatus command, Setting Booleans via the /selinux filesystem
- supporting SELinux, Linux Distributions Supporting SELinux, Fedora Core 2
- tuning SELinux, Tuning Fedora Core 2 SELinux, Setting Booleans via the /selinux filesystem
- via
macros, Tuning via macros, Tuning via macros
- via policy
Booleans, Tuning via policy Booleans
- type attributes in
SELinux, Attribute Declarations, SELinux Type Attributes, SELinux Type Attributes
- fifo_file (object security class), Subjects and Objects, Security Object Classes
- file (object security class), Subjects and Objects, Security Object Classes
- file context
database, Transient and Persistent Objects
- file context files (see FC (file context) files)
- file creation and transition
decisions, Transition Decisions
- file labeling, Transient and Persistent Objects
- file
labels
- boot problems and
relabeling filesystems, Boot Problems
- repairing, using restorecon
utility, Setting user passwords
- file security context,
viewing, Viewing a file security context
- file-related types, SELinux General Types, SELinux General Types
- file-type
transitions, Transition Decisions
- file.te file, The types Subdirectory
- filesystem (object security class), Subjects and Objects, Security Object Classes
- filesystem labeling
declarations, Syntax of Filesystem Labeling Declarations
- file_class_set macro, Transition Declarations, SELinux Macros Defined in src/policy/macros
- file_contexts file, The file_contexts Subdirectory
- file_contexts
subdirectory, Two Forms of an SELinux Policy
- files/subdirectories
in, The file_contexts Subdirectory, The file_contexts Subdirectory
- file_labels_t type, SELinux General Types
- file_t type, SELinux General Types
- file_type type attribute, SELinux Type Attributes
- file_type_auto_trans
macro, Macros that specify and authorize transitions, SELinux Macros Defined in src/policy/macros
- file_type_trans
macro, Macros that specify and authorize transitions, SELinux Macros Defined in src/policy/macros
- firewalls
- for hosts, Host firewalls and intrusion detection systems
- for networks, Network firewalls
- Firewalls screen of Fedora Core
2, Fedora Core 2
- fixed memory assignments, preventing attacks
based on, Memory protection
- fixed_disk_device_t type, SELinux General Types
- fixfiles
utility
- labeling/relabeling
filesystems, The fixfiles utility
- relabeling
problem scripts
with, Daemon Problems
- troubleshooting login problems
with, Local Login Problems
- flask subdirectory, Two Forms of an SELinux Policy, The SELinux Policy Source Tree
- files
in, The flask Subdirectory
- flask-related
declarations, Flask-Related Declarations, Syntax of access_vectors
- syntax
of
- access_vectors
file, Syntax of access_vectors, Syntax of access_vectors
- initial_sids file, Syntax of initial_sids
- security_classes file, Syntax of security_classes
- fonts_t type, SELinux General Types
- fork
operation, SELinux Operations
- forward domain
analysis, Analysis
- fowner
operation, SELinux Operations
- framebuf_device_t type, SELinux General Types
- fsetid
operation, SELinux Operations
- fs_domain type attribute, SELinux Type Attributes
- fs_t type, SELinux General Types
- fs_type type attribute, SELinux Type Attributes
- fs_use file, The Policy Source Directory, The SELinux Policy Source Tree
- fs_use policy
element, SELinux Policy Syntax, Review of SELinux Policy Syntax
- fs_use_task
declaration, Syntax of Filesystem Labeling Declarations
- fs_use_trans
declaration, Syntax of Filesystem Labeling Declarations
- fs_use_xattr
declaration, Syntax of Filesystem Labeling Declarations
- FTP
sites for SELinux, Web and FTP Sites
- ftpd_is_daemon macro, Tuning via macros
- ftp_home_dir macro, Tuning via macros
- full_user_role macro, SELinux Macros Defined in src/policy/macros
- futexfs_t type, SELinux General Types
G
- Gartner research on insider
threats, Software Threats and the Internet
- general_domain_access macro, SELinux Macros Defined in src/policy/macros
- general_proc_read_access macro, SELinux Macros Defined in src/policy/macros
- Genfs declarations, Syntax of Genfs Declarations
- genfscon
keyword, Syntax of Genfs Declarations
- genfs_contexts
file, The Policy Source Directory, Syntax of Genfs Declarations, The SELinux Policy Source Tree
- genfs_contexts policy
element, SELinux Policy Syntax, Review of SELinux Policy Syntax
- Gentoo Linux, SELinux History
- Hardened Project
demo system, SELinux History
- installing SELinux
on
- existing systems, Installing SELinux to an existing Gentoo Linux system, Installing SELinux to an existing Gentoo Linux system
- fresh systems, Installing SELinux to a fresh Gentoo system, Installing SELinux to a fresh Gentoo system
- sestatus
command, Setting Booleans via the /selinux filesystem
- getattr
operation, SELinux Operations
- getcap
operation, SELinux Operations
- getenforce command, SELinux commands, Dynamically setting the operating mode
- getopt
operation, SELinux Operations
- getpgid
operation, SELinux Operations
- getsched
operation, SELinux Operations
- getsession
operation, SELinux Operations
- get_sids
operation, SELinux Operations
- get_user_sids
operation, SELinux Operations
- global_macros.te
file, Macro invocations, The macros Subdirectory, The SELinux Policy Source Tree
- GNOME desktop
- troubleshooting problems
with, X Problems
- using with
SELinux, Installing SELinux
- GNU mailing list manager application, role used
by, Customizing Roles
- gphdomain type
attribute, Examining a Sample Policy, SELinux Type Attributes
- GRSecurity, SELinux Components and Linux Security Modules (LSM)
- GRUB
bootloader, Installing SELinux to a fresh Gentoo system, Installing SELinux to an existing Gentoo Linux system, Installing SELinux to an existing Gentoo Linux system
- configuring, Installing SELinux to a fresh Gentoo system
- setting initial operating
mode, Setting the initial operating mode
H
- Hardened
Project (Gentoo) demonstration
system, SELinux History
- hide_broken_symptoms macro, Tuning via macros
- history of
SELinux, SELinux History
- home
directories of users, Adding Users
- homedirfile type attribute, SELinux Type Attributes
- home_dir_type type attribute, SELinux Type Attributes
- home_root_t type, SELinux General Types
- home_type type attribute, SELinux Type Attributes
- honeypots, Active content and mobile code
- hosts, defenses
for, Network and Host Defenses, Access-control lists
I
- icmp_socket_t type, SELinux General Types
- id -Z
command, Changing roles, Viewing a file security context
- id command, Modified Linux commands and programs, Viewing Security Contexts
- identifiers, lowercase vs.
uppercase, Basic Policy Elements
- identifier_list policy
subelement, Basic Policy Elements
- id_comma_list policy
subelement, Basic Policy Elements
- igmp_packet_t type, SELinux General Types
- incident reports, Software Threats and the Internet
- indirect information flow
analysis, Analysis
- init
scripts
- relabeling,
using fixfiles command, Daemon Problems
- starting/controlling
daemons, Starting and Controlling Daemons
- initial operating mode of SELinux system,
setting, Setting the initial operating mode
- initial SID context
declarations, Syntax of Initial SID Context Declarations
- initial SIDs (security
identifiers), Security Contexts
- Initial SIDs tab (Apol
window), Policy components
- initial_sids file in flask
subdirectory, The flask/initial_sids file, Syntax of initial_sids
- initial_sids policy
element, SELinux Policy Syntax, Review of SELinux Policy Syntax
- initial_sid_contexts
file, The Policy Source Directory, The SELinux Policy Source Tree
- initial_sid_contexts policy
element, SELinux Policy Syntax, Review of SELinux Policy Syntax
- initrc_context file, The appconfig Subdirectory
- initrc_t
domain, Transition Decisions
- init_service_domain macro, SELinux Macros Defined in src/policy/macros
- insider
threats, Software Threats and the Internet
- install command, Modified Linux commands and programs
- install Makefile
target, The SELinux Makefile, Using the SELinux Makefile
- installing
SELinux, Installing SELinux
- from
binary or source packages, Installing SELinux from Binary or Source Packages, SUSE Linux
- on Debian
GNU/Linux, Debian GNU/Linux, Debian GNU/Linux
- Fedora Core
2, Linux Distributions Supporting SELinux, Fedora Core 2
- on Gentoo
Linux
- existing
systems, Installing SELinux to an existing Gentoo Linux system, Installing SELinux to an existing Gentoo Linux system
- fresh
systems, Installing SELinux to a fresh Gentoo system, Installing SELinux to a fresh Gentoo system
- from NSA
source, Installing from Source
- overview, Installation Overview
- on RHEL
using RPM packages, RPM-Based Distributions
- on
SUSE Linux using RPM packages, SUSE Linux
- Internet and software
threats, Software Threats and the Internet, Mandatory access control
- intrusion detection
systems, Network intrusion detection and prevention systems, Host firewalls and intrusion detection systems
- intrusion
prevention systems, Network intrusion detection and prevention systems
- invoking
macros
- in ping.te
file, Examining a Sample Policy, Examining a Sample Policy
- in snort.te
file, Macro invocations, Macro invocations
- in_user_role macro, SELinux Macros Defined in src/policy/macros
- ioctl
operation, SELinux Operations
- ipc (object security class), Subjects and Objects, Security Object Classes
- ipc_info
operation, SELinux Operations
- ipc_lock
operation, SELinux Operations
- ipc_owner
operation, SELinux Operations
- iso9660_t type, SELinux General Types
K
- KDE Desktop, troubleshooting problems
with, Installing SELinux, X Problems
- kernel
directive, Setting the initial operating mode
- kernel domain (domains/misc
subdirectory), The domains Subdirectory
- kernel modules in
SELinux, SELinux Components and Linux Security Modules (LSM)
- kernel-image
package, Debian GNU/Linux
- kernel-level code, Kernel-Level Code
- kernel-source
package, Debian GNU/Linux
- kernels
- building
- Debian
GNU/Linux, Debian GNU/Linux
- Gentoo
Linux, Installing SELinux to a fresh Gentoo system, Installing SELinux to an existing Gentoo Linux system
- compiling/installing
- Debian
GNU/Linux, Debian GNU/Linux
- Gentoo
Linux, Installing SELinux to a fresh Gentoo system, Installing SELinux to an existing Gentoo Linux system
- installing SELinux
under Gentoo, Installing SELinux to a fresh Gentoo system
- key_socket (object security class), Subjects and Objects, Security Object Classes
- kill
operation, SELinux Operations
- krb5_conf_t type, SELinux General Types
L
- labeling
decisions, Access Decisions, Transition Decisions, Transition Decisions
- labeling
files/filesystems, Labeling Filesystems and Files
- using chcon
utility, The chcon utility
- using fixfiles
utility, The fixfiles utility
- using
Makefile, Using the Makefile to label or relabel filesystems
- using restorecon
utility, The restorecon utility
- using setfiles
utility, The setfiles utility, Adding Permissions, Load the Revised Policy and Label the Domains
- LaPadula, Leonard, SELinux History
- lastlog_t type, SELinux General Types
- ld_so_cache_t type, SELinux General Types
- ld_so_t type, SELinux General Types
- lease
operation, SELinux Operations
- lib_t type, SELinux General Types
- LILO
bootloader, Installing SELinux to an existing Gentoo Linux system
- configuring instead of
GRUB, Installing SELinux to a fresh Gentoo system
- installing, Debian GNU/Linux
- modifying, Debian GNU/Linux
- setting initial operating
mode, Setting the initial operating mode
- lines in railroad
diagrams, How Railroad Diagrams Work
- link
operation, SELinux Operations
- link_file_perms macro, SELinux Macros Defined in src/policy/macros
- Linux 2.4/2.6 versions of
SELinux, SELinux Versions, Installing SELinux to an existing Gentoo Linux system
- Linux
Security Modules (LSM) feature and SELinux, SELinux Components and Linux Security Modules (LSM), Kernel-Level Code
- linux_immutable
operation, SELinux Operations
- listen
operation, SELinux Operations
- literal symbols in railroad
diagrams, What Railroad Diagrams Do
- lnk_file (object security class), Subjects and Objects, Security Object Classes
- load Makefile
target, The SELinux Makefile, Using the SELinux Makefile
- loading SELinux security
policy, Loading the SELinux Security Policy, The load_policy utility
- load_policy
utility, The load_policy utility, SELinux Operations
- local login
problems, troubleshooting, Local Login Problems
- locale_t type, SELinux General Types
- lock
operation, SELinux Operations
- lockfile type attribute, SELinux Type Attributes
- lock_domain macro, SELinux Macros Defined in src/policy/macros
- log
messages
- format of, SELinux Log Message Format, SELinux Log Message Format
- turning off messages to
console, SELinux Logging Subtleties
- logdir_domain macro, SELinux Macros Defined in src/policy/macros
- logfile type attribute, SELinux Type Attributes
- login program, Modified Linux commands and programs
- login_contexts type attribute, SELinux Type Attributes
- logrotate program, Modified Linux commands and programs
- logs
- Audit2allow
and, Using Audit2allow
- format of
entries, SELinux Log Message Format, SELinux Log Message Format
- limiting rate of
entries, SELinux Logging Subtleties
- monitoring for
attacks, Logging and auditing
- troubleshooting
problems with, SELinux Logging Subtleties
- log_domain macro, SELinux Macros Defined in src/policy/macros
- lost_found_t type, SELinux General Types
- lowercase vs.
uppercase identifiers, Basic Policy Elements
- ls command, Modified Linux commands and programs, Viewing Security Contexts
- LSM
(Linux Security Modules) feature and
SELinux, SELinux Components and Linux Security Modules (LSM), Kernel-Level Code
- LSM-based
SELinux, SELinux Versions
- lsmod
command, Installing SELinux to a fresh Gentoo system
- ls_exec_t type, SELinux General Types
- lynx command, Installing SELinux to a fresh Gentoo system
M
- M4
macros, The SELinux Security Policy
- authorizing access
to files and network operations, Test and Revise the TE and FC Files as Needed
- for
classes, Transition Declarations
- creating role allow
declarations, Role Allow Declarations
- defining roles
associated with users, User Declarations
- dnl (do not list)
comment prefix, Tuning via macros, User Declarations, Adding an Ordinary User
- macro
invocations
- in ping.te
file, Examining a Sample Policy, Examining a Sample Policy
- in snort.te
file, Macro invocations, Macro invocations
- macros
subdirectory, Two Forms of an SELinux Policy, The macros Subdirectory
- tuning SELinux
via, Tuning via macros
- type alias
declarations, generating, Type-Alias Declarations
- MAC (mandatory access
control), Discretionary and Mandatory Access Control
- vs. Linux DAC, Subjects and Objects
- macros subdirectory, Two Forms of an SELinux Policy
- files
in, The macros Subdirectory
- macros defined
in, SELinux Macros Defined in src/policy/macros, SELinux Macros Defined in src/policy/macros
- mailing lists related to
SELinux, Mailing Lists
- mailman_r role, Customizing Roles
- mail_server_domain type attribute, SELinux Type Attributes
- mail_server_sender type attribute, SELinux Type Attributes
- mail_spool_t type, SELinux General Types
- make install command, Two Forms of an SELinux Policy
- make load command, Two Forms of an SELinux Policy
- make reload
command, Two Forms of an SELinux Policy
- Makefile
- labeling/relabeling
filesystems, Using the Makefile to label or relabel filesystems
- loading
SELinux security
policy, The SELinux Makefile
- in policy source
directory, The Policy Source Directory, The SELinux Policy Source Tree
- SELinux binary
policy file generated
by, The SELinux Security Policy
- targets (operations)
supported by, The SELinux Makefile, Using the SELinux Makefile
- mandatory access control
(MAC), Discretionary and Mandatory Access Control
- vs. Linux
DAC, Subjects and Objects
- man_t type, SELinux General Types
- May, Brian, Debian GNU/Linux
- MBR (master
boot record), Debian GNU/Linux, Installing SELinux to an existing Gentoo Linux system
- McGraw,
Gary, Memory protection
- member_sid
operation, SELinux Operations
- memory protection
schemes, Memory protection, Access-control lists
- memory-resident
tables, Transient and Persistent Objects
- memory_device_t type, SELinux General Types
- mini_pty_type type attribute, SELinux Type Attributes
- mini_user_domain macro, SELinux Macros Defined in src/policy/macros
- mini_user_macros.te
file, The macros Subdirectory, The SELinux Policy Source Tree
- misc
subdirectory
- domains
directory, The domains Subdirectory, The SELinux Policy Source Tree
- file_contexts
directory, The file_contexts Subdirectory, The SELinux Policy Source Tree
- misc_device_t type, SELinux General Types
- MITRE Corporation, SELinux History
- mknod
operation, SELinux Operations
- mkswap
command, Installing SELinux to a fresh Gentoo system
- mls file, The Policy Source Directory, The SELinux Policy Source Tree
- mls policy element, SELinux Policy Syntax, Review of SELinux Policy Syntax
- mlstrustedobject type attribute, SELinux Type Attributes
- mlstrustedreader type attribute, SELinux Type Attributes
- mlstrustedwriter type attribute, SELinux Type Attributes
- mnt_t type, SELinux General Types
- mobile code,
contributing to software threats, Active content and mobile code
- modes
- enforcing vs.
permissive, System Modes and SELinux Tuning
- switching, Switching Modes, Disabling SELinux at boot time
- troubleshooting
program execution problems, Program Execution Problems
- modprobe
command, Installing SELinux to a fresh Gentoo system
- monitoring
SELinux, Monitoring SELinux, The Audit2allow Utility
- mount
operation, SELinux Operations
- mounton
operation, SELinux Operations
- mount_fs_perms macro, SELinux Macros Defined in src/policy/macros
- mouse_device_t type, SELinux General Types
- mqueue_spool_t type, SELinux General Types
- msg (object security class), Subjects and Objects, Security Object Classes
- msgq (object security class), Subjects and Objects, Security Object Classes
- mta_delivery_agent type attribute, SELinux Type Attributes
- mta_user_agent type attribute, SELinux Type Attributes
- mtrr_device_t type, SELinux General Types
- mv command, Modified Linux commands and programs
N
- names policy
subelement, Basic Policy Elements
- name_bind
operation, SELinux Operations
- naming conventions for security
attributes, Security Contexts
- National Security
Agency (see NSA)
- ncurses-dev
package, Debian GNU/Linux
- nested_id_set
policy subelement, Basic Policy Elements
- netbroadcast
operation, SELinux Operations
- netif (object security class), Subjects and Objects, Security Object Classes
- netifcon
declarations, Netifcon declarations
- netif_eth0_t type, SELinux General Types
- netif_eth1_t type, SELinux General Types
- netif_eth2_t type, SELinux General Types
- netif_ippp0_t type, SELinux General Types
- netif_ipsec0_t type, SELinux General Types
- netif_ipsec1_t type, SELinux General Types
- netif_ipsec2_t type, SELinux General Types
- netif_lo_t type, SELinux General Types
- netif_t type, SELinux General Types
- netif_type type attribute, SELinux Type Attributes
- netlink_socket (object security class), Subjects and Objects, Security Object Classes
- netmsg_eth0_t type, SELinux General Types
- netmsg_eth1_t type, SELinux General Types
- netmsg_eth2_t type, SELinux General Types
- netmsg_ippp0_t type, SELinux General Types
- netmsg_ipsec0_t type, SELinux General Types
- netmsg_ipsec1_t type, SELinux General Types
- netmsg_ipsec2_t type, SELinux General Types
- netmsg_lo_t type, SELinux General Types
- netmsg_t type, SELinux General Types
- netmsg_type type attribute, SELinux Type Attributes
- Network
Associates, SELinux History
- network
declarations, Syntax of Network Declarations, Nodecon declarations
- network.te file, The types Subdirectory
- networks
- connectivity issues,
contributing to software threats, Network connectivity
- defenses
for, Network and Host Defenses
- intrusion detection
systems, Network intrusion detection and prevention systems
- types related to, SELinux General Types
- net_admin
operation, SELinux Operations
- net_bind_service
operation, SELinux Operations
- net_conf_t type, SELinux General Types
- net_contexts file, The Policy Source Directory, The SELinux Policy Source Tree
- net_contexts policy
element, SELinux Policy Syntax, Review of SELinux Policy Syntax
- net_raw
operation, Examining a Sample Policy, SELinux Operations
- neverallow rule
type, TE Access-Vector Declarations
- sample declaration, TE Access-Vector Declarations
- newconn
operation, SELinux Operations
- newrole command, SELinux commands, Changing roles
- nfs.te file, The types Subdirectory
- nfsd_control
operation, SELinux Operations
- nfsd_fs_t type, SELinux General Types
- nfs_export_all_ro macro, Tuning via macros
- nfs_export_all_rw macro, Tuning via macros
- nfs_home_dirs macro, Tuning via macros
- Nmap
program
- adding permissions
to, Adding Permissions, Adding Permissions
- allowing access to existing
domains, Allowing a User Access to an Existing Domain
- Audit2allow utility
and, Using Audit2allow, Using Audit2allow
- nmap-services
file, read access denied
to, Adding Permissions, Adding Permissions
- noatsecure
operation, SELinux Operations
- node (object security class), Subjects and Objects, Security Object Classes
- nodecon declarations, Nodecon declarations
- node_bind
operation, SELinux Operations
- node_compat_ipv4_t type, SELinux General Types
- node_inaddr_any_t type, SELinux General Types
- node_internal_t type, SELinux General Types
- node_link_local_t type, SELinux General Types
- node_lo_t type, SELinux General Types
- node_mapped_ipv4_t type, SELinux General Types
- node_multicast_t type, SELinux General Types
- node_site_local_t type, SELinux General Types
- node_t type, SELinux General Types
- node_type type attribute, SELinux Type Attributes
- node_unspec_t type, SELinux General Types
- noexattrfile type attribute, SELinux Type Attributes
- nonexecutable
stacks, Memory protection
- notdevfile_class_set macro, Transition Declarations, SELinux Macros Defined in src/policy/macros
- no_access_t type, SELinux General Types
- NSA (National Security
Agency)
- installing SELinux on unsupported
platforms, Installing from Source
- mailing list for
SELinux, Mailing Lists
- versions of
SELinux, SELinux Versions
- web site for
SELinux, Web and FTP Sites
- NSA SELinux boot parameter
option, Switching Modes
- disabling SELinux at boot
time, Disabling SELinux at boot time
- NSA SELinux
Development support option, System Modes and SELinux Tuning
- setting initial operating
mode, Setting the initial operating mode
- nscd_all_connect macro, Tuning via macros
- null_device_t type, SELinux General Types
O
- objects, Subjects and Objects, Subjects and Objects
- access
to, decisions regarding, Access Decisions, Access Decisions
- parsing log
messages, SELinux Log Message Format
- persistent, Transient and Persistent Objects
- restricting ability
to relabel objects, Constraint Declarations
- rules governing
access to, Access Decisions
- security classes
of, Subjects and Objects, Security Object Classes
- transient, Transient and Persistent Objects
- object_r (dummy
role), Security Contexts
- operating mode of
SELinux system, dynamically setting, Dynamically setting the operating mode
- Orange Book, SELinux History, Overview of the SELinux Security Model
- ovals in railroad
diagrams, How Railroad Diagrams Work
- overview
of
- installation
process, Installation Overview
- SELinux security
model, Overview of the SELinux Security Model, References
P
- packages,
installing, Debian GNU/Linux, Debian GNU/Linux
- packet_perms macro, SELinux Macros Defined in src/policy/macros
- packet_socket (object security class), Subjects and Objects, Security Object Classes
- pam program, Modified Linux commands and programs
- parent and
child processes, Transition Decisions, The SELinux Type-Enforcement Model
- parsing
log messages, SELinux Log Message Format
- passwd (object security class), Subjects and Objects, Security Object Classes
- passwd
command, Installing SELinux to a fresh Gentoo system, Setting user passwords, SELinux Operations
- passwords
- setting for
users, Setting user passwords
- patch cycles and 0-day
vulnerabilities, The Patch Cycle and the 0-Day Problem, Protecting Against 0-Days
- PaX project, SELinux History
- permissions
- adding, Adding Permissions, Adding Permissions
- associated with
classes, Syntax of access_vectors
- associated with
file-like objects, Syntax of access_vectors
- extending to
processes in domain, Examining a Sample Policy
- restricting, with
constraint declarations, Constraint Declarations
- special
notations for, Special notations for types, classes, and permissions, Special notations for types, classes, and permissions
- permissive
mode, System Modes and SELinux Tuning
- booting
system into, Setting the initial operating mode
- curtailing unnecessary
logging, SELinux Logging Subtleties
- dynamically setting operating
mode, Dynamically setting the operating mode
- setting,
before using Audit2allow, Using Audit2allow
- persistent
labels
- filesystems not
supporting, Syntax of Genfs Declarations
- filesystems
supporting, Syntax of Filesystem Labeling Declarations
- persistent
objects, Transient and Persistent Objects
- persistent security identifiers (PSIDs), storing
on filesystems, Transient and Persistent Objects
- pidfile type attribute, SELinux Type Attributes
- ping command, controlling access
to, Boolean Declarations
- ping.fc file, examining sample
policy, Examining a Sample Policy
- ping.te
file
- basic policy
elements, Basic Policy Elements
- conditional statement declaration
in, Conditional Declarations
- domain_auto_trans macro, invoked
in, Macros that specify and authorize transitions
- examining sample
policy, Examining a Sample Policy
- role type declarations
in, Role Type Declarations
- pipefs (pseudofilesystem with
pipe), Syntax of Filesystem Labeling Declarations
- policy
Booleans
- initializing in ping.te
file, Examining a Sample Policy
- setting via SELinux
filesystem, Setting Booleans via the /selinux filesystem
- tuning SELinux
via, Tuning via policy Booleans
- Policy Components tab (Apol
window), Apol, Policy components
- policy constraint
declarations, Constraint Declarations, Constraint Declarations
- policy database of SELinux security
server, Subjects and Objects
- policy elements
- and associated
files, SELinux Policy Syntax
- list
of, SELinux Policy Syntax, Review of SELinux Policy Syntax
- subelements appearing
in, Basic Policy Elements, Basic Policy Elements
- policy files, How SELinux Works, Examining a Sample Policy
- (see also SELinux
policy)
- browsing/editing with
SePCuT, Supplementary SELinux tools
- checkpolicy
command, The SELinux policy compiler (checkpolicy), Two Forms of an SELinux Policy
- choosing to
delete, The SELinux Makefile
- compiling, Debian GNU/Linux
- compiling from
source, The SELinux Makefile
- creating/loading, The SELinux Security Policy
- policy
Makefile target, The SELinux Makefile, Using the SELinux Makefile
- policy management
tools, Policy Management Tools, Seuserx
- Policy Modules tab (Sepcut
window), Sepcut
- Policy Rules tab (Apol
window), Apol, Policy rules
- policy source directory
files, The Policy Source Directory, The Policy Source Directory
- policy source
tree, Two Forms of an SELinux Policy, Two Forms of an SELinux Policy, The SELinux Policy Source Tree
- policy structure of
SELinux, SELinux Policy Structure, The Policy Source Directory
- policy.?? file, The Policy Source Directory, The SELinux Policy Source Tree
- policy.conf
file, The Policy Source Directory, The SELinux Policy Source Tree
- analyzing, with Apol
tool, Supplementary SELinux tools
- checkpolicy command
and, Two Forms of an SELinux Policy
- policy.conf tab (Apol
window), Apol
- policy.spec file, The Policy Source Directory
- policy_config_t type, SELinux General Types
- policy_src_t type, SELinux General Types
- poly_t type, SELinux General Types
- pop_port_t type, SELinux General Types
- portcon declarations, Portcon declarations
- port_t type, SELinux General Types
- port_type type attribute, SELinux Type Attributes
- ppp_device_t type, SELinux General Types
- principle of least
privilege, Privilege Escalation
- authorizing Nmap access
and, Allowing a User Access to an Existing Domain
- Fedora Core SELinux implementation
and, Fedora Core 2
- mandatory access
control, Mandatory access control
- network declarations
and, Syntax of Network Declarations
- print_spool_t type, SELinux General Types
- privfd type attribute, SELinux Type Attributes
- privhome type attribute, SELinux Type Attributes
- privileges, escalating, Privilege Escalation
- privlog type
attribute, Type Declarations, SELinux Type Attributes
- privmail type attribute, SELinux Type Attributes
- privmem type attribute, SELinux Type Attributes
- privmodule type attribute, SELinux Type Attributes
- privowner type attribute, SELinux Type Attributes
- privrole type attribute, SELinux Type Attributes
- privuser type attribute, SELinux Type Attributes
- priv_system_role type attribute, SELinux Type Attributes
- /proc, types related to, SELinux General Types
- process (object security class), Subjects and Objects, Security Object Classes
- processes
- child/parent, Transition Decisions, The SELinux Type-Enforcement Model
- choosing
security contexts, Transition Decisions
- creating, Transition Decisions
- and programs, distinctions
between, Subjects and Objects
- RBAC
(role-based access control), Role-Based Access Control, Role Allow Declarations
- reporting
security context of, Viewing a process security context
- security context
of, The SELinux Role-Based Access Control Model
- procfs.te file, The types Subdirectory
- proc_kcore_t type, SELinux General Types
- proc_kmsg_t type, SELinux General Types
- proc_t type, SELinux General Types
- program
execution problems, troubleshooting, Program Execution Problems
- program
subdirectory
- domains
directory, The domains Subdirectory, The SELinux Policy Source Tree
- file_contexts
directory, The file_contexts Subdirectory, The SELinux Policy Source Tree
- macros
directory, The macros Subdirectory, The SELinux Policy Source Tree
- Propolice
project, SELinux History
- protecting memory from 0-day
attacks, Memory protection, Access-control lists
- ps command, Modified Linux commands and programs, Viewing Security Contexts, Viewing a process security context
- pseudofilesystems,
mounting, Installing SELinux to a fresh Gentoo system, Installing SELinux to an existing Gentoo Linux system
- pseudoterminal
filesystem (devpts), Syntax of Filesystem Labeling Declarations
- PSIDs
(persistent security identifiers), storing on
filesystems, Transient and Persistent Objects
- ptrace facility, SELinux Operations
- exploited
during Apache OpenSSL attack, Privilege Escalation, Applications of SELinux
- ptyfile type
attribute, Examining a Sample Policy, SELinux Type Attributes
- pty_slave_label macro, SELinux Macros Defined in src/policy/macros
R
- railroad
diagrams
- fine points
of, Basic Policy Elements
- how they
work, How Railroad Diagrams Work, How Railroad Diagrams Work
- SELinux policy
syntax, SELinux Policy Syntax, SELinux Policy Syntax
- symbols specified
by, What Railroad Diagrams Do
- what they
do, What Railroad Diagrams Do
- ramfs_t type, SELinux General Types
- random assignment
of memory, Memory protection
- random_device_t type, SELinux General Types
- raw IP packets,
sending/receiving, Examining a Sample Policy
- raw IP sockets,
creating/modifying, Examining a Sample Policy
- rawip_recv
operation, SELinux Operations
- rawip_send
operation, SELinux Operations
- rawip_socket (object security class), Subjects and Objects, Security Object Classes
- ra_dir_create_file macro, SELinux Macros Defined in src/policy/macros
- ra_dir_file macro, SELinux Macros Defined in src/policy/macros
- ra_dir_perms macro, SELinux Macros Defined in src/policy/macros
- ra_file_perms macro, SELinux Macros Defined in src/policy/macros
- RBAC (role-based access
control), How SELinux Works, Role-Based Access Control, Role Allow Declarations
- declarations
- te_rbac
policy element, SELinux Policy Syntax
- types
of, Role-Based Access Control Declarations, Role Allow Declarations
- rbac file, The Policy Source Directory, The SELinux Policy Source Tree
- RBAC Rules tab (Apol
window), Policy rules
- read
operation, SELinux Operations
- readable_t type, SELinux General Types
- readhome macro, Tuning via macros
- README file, The Policy Source Directory
- read_default_t macro, Tuning via macros
- read_locale macro, SELinux Macros Defined in src/policy/macros
- read_sysctl macro, SELinux Macros Defined in src/policy/macros
- receive
operation, SELinux Operations
- recvfrom
operation, SELinux Operations
- recv_msg
operation, SELinux Operations
- Red Hat, SELinux History
- Red Hat Enterprise
Linux (see RHEL)
- regular expressions
- in file-context
specifications, The file_contexts Subdirectory
- in
railroad diagrams, How Railroad Diagrams Work
- in snort.fc
file, The snort.fc File
- relabel Makefile target, The SELinux Makefile, Using the SELinux Makefile
- relabelfrom
operation, SELinux Operations
- relabeling
filesystems
- using chcon
utility, The chcon utility
- using fixfiles
utility, The fixfiles utility
- using
Makefile, Using the Makefile to label or relabel filesystems
- using restorecon
utility, The restorecon utility
- using
setfiles utility, The setfiles utility, Adding Permissions, Load the Revised Policy and Label the Domains
- relabelto
operation, SELinux Operations
- relational operators used in conditional
expressions, Conditional Declarations
- reload Makefile target, The SELinux Makefile, Using the SELinux Makefile
- remount
operation, SELinux Operations
- removable_device_t type, SELinux General Types
- remove_name
operation, SELinux Operations
- Ren,
Chris, Memory protection
- rename
operation, SELinux Operations
- reparent
operation, SELinux Operations
- replaceable text
- in railroad
diagrams, What Railroad Diagrams Do, Transition Declarations
- special notation for
types/classes/permissions, Special notations for types, classes, and permissions
- resolv_conf_t type, SELinux General Types
- restorecon
utility
- labeling/relabeling
filesystems, The restorecon utility
- repairing file
labels, Setting user passwords
- reverse domain
analysis, Analysis
- RHEL (Red Hat Enterprise
Linux)
- installing SELinux using RPM
packages, RPM-Based Distributions
- SELinux
support, Linux Distributions Supporting SELinux
- rlimitinh
operation, SELinux Operations
- rmdir
operation, SELinux Operations
- role
statements, authorizing roles to enter domains, The SELinux Role-Based Access Control Model
- role-based access
control (see RBAC)
- roles in
SELinux, Security Contexts, Entering a Role
- assigning
default roles, How default roles are assigned
- assigning,
with user statement, The SELinux Role-Based Access Control Model
- associating users with nondefault
roles, Associating a user with a nondefault role
- associating, with user
declarations, User Declarations
- authorizing access to
domain, Examining a Sample Policy
- constraining changes between identities
and, Constraint Declarations
- customizing, Customizing Roles
- entering a different
role, Changing roles
- newrole command, Changing roles
- transitions
between, using allow
statements, The SELinux Role-Based Access Control Model, Role Allow Declarations
- Roles tab (Apol window), Policy components
- roletrans_def
declaration, Role-Based Access Control Declarations
- role_allow_def
declaration, Role-Based Access Control Declarations, Role Allow Declarations
- role_dominance
declaration, Role-Based Access Control Declarations
- role_type_def
declaration, Role-Based Access Control Declarations
- romfs_t type, SELinux General Types
- root user, Creating an SELinux User
- rootok
operation, SELinux Operations
- root_default_contexts
file, The appconfig Subdirectory
- root_dir_type type attribute, SELinux Type Attributes
- root_t type, SELinux General Types
- rpc_pipefs_t type, SELinux General Types
- RPM packages
- in Fedora Core 2, Fedora Core 2
- installing
SELinux using, RPM-Based Distributions
- run_con command, starting non-init daemons
with, Starting non-init daemons and programs
- run_init command, SELinux commands
- run_init command,
starting daemons with, Starting and Controlling Daemons
- run_ssh_inetd macro, Tuning via macros
- rw_dir_create_file macro, SELinux Macros Defined in src/policy/macros
- rw_dir_file macro, SELinux Macros Defined in src/policy/macros
- rw_dir_perms macro, SELinux Macros Defined in src/policy/macros
- rw_file_perms macro, SELinux Macros Defined in src/policy/macros
- rw_msgq_perms macro, SELinux Macros Defined in src/policy/macros
- rw_sem_perms macro, SELinux Macros Defined in src/policy/macros
- rw_shm_perms macro, SELinux Macros Defined in src/policy/macros
- rw_socket_perms macro, SELinux Macros Defined in src/policy/macros
- rw_stream_socket_perms macro, SELinux Macros Defined in src/policy/macros
- rx_file_perms macro, SELinux Macros Defined in src/policy/macros
- r_dir_file macro, SELinux Macros Defined in src/policy/macros
- r_dir_perms macro, SELinux Macros Defined in src/policy/macros
- r_file_perms macro, SELinux Macros Defined in src/policy/macros
- r_msgq_perms macro, SELinux Macros Defined in src/policy/macros
- r_sem_perms macro, SELinux Macros Defined in src/policy/macros
- r_shm_perms macro, SELinux Macros Defined in src/policy/macros
S
- sambafs_t type, SELinux General Types
- sample policy,
examining, Examining a Sample Policy, Examining a Sample Policy
- sandboxes
- protecting memory
with, Sandboxes
- sbin_t type, SELinux General Types
- scanner_device_t type, SELinux General Types
- SCC (Secure Computing
Corporation), SELinux History
- scmp_packet_t type, SELinux General Types
- scsi_generic_device_t type, SELinux General Types
- search
operation, SELinux Operations
- Seaudit tool, Supplementary SELinux tools, Policy Management Tools, Seaudit
- SeCmds tool, Supplementary SELinux tools
- Secure Computing Corporation
(SCC), SELinux History
- secure_levels macro, Tuning via macros
- security (object security class), Subjects and Objects, Security Object Classes
- security
attributes
- associated with
subjects/objects, Security Contexts
- naming conventions
for, Security Contexts
- security
contexts, How SELinux Works, Security Contexts, Security Contexts
- assigned to filesystems by Genfs
declarations, Syntax of Genfs Declarations
- assigning to new
users, Adding Users
- changing permissions, to prevent denial
messages, Adding Permissions, Adding Permissions
- elements
of, The SELinux Role-Based Access Control Model
- of files,
determining, Determine the Security Contexts of the Files
- for
new domain, Decide on Appropriate Security Contexts for the New Domain
- of hosts,
specifying, Nodecon declarations
- of
local ports, specifying, Portcon declarations
- of network interfaces,
specifying, Netifcon declarations
- of
objects having initial SIDs, Syntax of Initial SID Context Declarations
- specifying,
when starting programs, Starting non-init daemons and programs
- starting init scripts in
correct, Starting and Controlling Daemons
- viewing, Viewing Security Contexts
- security
contexts
- for Snort-related
directories/files, The snort.fc File
- security identifiers (SIDs), Security Contexts
- flask/initial_sids
file, The flask/initial_sids file
- security model
for SELinux, overview of, Overview of the SELinux Security Model, References
- security object
classes, Subjects and Objects, Security Object Classes
- security policy for
SELinux, The SELinux Security Policy, The SELinux Security Policy
- associating users with nondefault
roles, Associating a user with a nondefault role
- enforcing mode vs. permissive
mode, System Modes and SELinux Tuning
- loading, Loading the SELinux Security Policy, The load_policy utility
- roles defined
by, Entering a Role
- rules for dynamically setting operating
mode, Dynamically setting the operating mode
- security.te file, The types Subdirectory
- security_classes file in flask
subdirectory, The flask/security_classes file, Syntax of security_classes
- security_t type, SELinux General Types
- SELinux
- applications
of, Applications of SELinux
- architecture
of, SELinux Architecture, References
- commands
- for
administration/use, SELinux commands
- modified
Linux commands, Modified Linux commands and programs
- supplementary, Supplementary SELinux tools
- Fedora
Core 2 support of, Linux Distributions Supporting SELinux, Fedora Core 2
- FTP sites
for, Web and FTP Sites
- history
of, SELinux History
- installing (see installing
SELinux)
- kernel-level
code, Kernel-Level Code
- limiting rate of log
entries, SELinux Logging Subtleties
- Linux 2.4/2.6
versions of, SELinux Versions, Installing SELinux to an existing Gentoo Linux system
- log
message format, SELinux Log Message Format, SELinux Log Message Format
- LSM (Linux Security
Modules) feature and, SELinux Components and Linux Security Modules (LSM), Kernel-Level Code
- LSM-based version
of, SELinux Versions
- monitoring, Monitoring SELinux, The Audit2allow Utility
- operations, SELinux Operations, SELinux Operations
- overview
of security model, Overview of the SELinux Security Model, References
- policy
structure, SELinux Policy Structure, The Policy Source Directory
- roles, Entering a Role
- entering
a different role, Changing roles
- newrole
command, Changing roles
- security
policy (see security policy for
SELinux)
- source
files, The SELinux Security Policy, The SELinux Security Policy
- switching
modes, Switching Modes, Disabling SELinux at boot time
- tools
in, SELinux Tools
- troubleshooting, Troubleshooting SELinux, X Problems
- types related to, SELinux General Types
- User-Mode Linux (UML)
and, SELinux Components and Linux Security Modules (LSM)
- versions
of, SELinux Versions
- web sites
for, Web and FTP Sites
- using
X with, Installing SELinux
- /selinux
filesystem, Dynamically setting the operating mode
- SELinux
policy, The SELinux Policy
- (see also entries under policy)
- examining sample
policy, Examining a Sample Policy, Examining a Sample Policy
- FC (file context)
files, Anatomy of a Simple SELinux Policy Domain
- source tree, The SELinux Policy Source Tree
- syntax of, SELinux Policy Syntax, SELinux Policy Syntax
- TE (type enforcement)
files, Anatomy of a Simple SELinux Policy Domain
- two forms
of, Two Forms of an SELinux Policy
- SELinux policy compiler, The SELinux policy compiler (checkpolicy), Two Forms of an SELinux Policy
- selinux-policy-default
package, Debian GNU/Linux
- sem (object security class), Subjects and Objects, Security Object Classes
- send
operation, SELinux Operations
- sendto
operation, SELinux Operations
- send_msg
operation, SELinux Operations
- Sepcut tool, Supplementary SELinux tools, Policy Management Tools, Sepcut
- server_pty type attribute, SELinux Type Attributes
- serviceusers file, The Policy Source Directory, The SELinux Policy Source Tree
- sestatus command, Setting Booleans via the /selinux filesystem
- setattr operation, SELinux Operations
- setbool command, Boolean Declarations, SELinux Operations
- setcap operation, SELinux Operations
- setenforce command, SELinux commands, Dynamically setting the operating mode, SELinux Operations
- setfiles command, SELinux commands
- setfiles utility, Transient and Persistent Objects
- labeling/relabeling filesystems, The setfiles utility, Adding Permissions, Load the Revised Policy and Label the Domains
- relabeling problem scripts with, Daemon Problems
- repairing file labels, Setting user passwords
- troubleshooting login problems with, Local Login Problems
- setfscreate operation, SELinux Operations
- setgid operation, SELinux Operations
- setopt operation, SELinux Operations
- setpcap operation, SELinux Operations
- setpgid operation, SELinux Operations
- setrlimit operation, SELinux Operations
- setsched operation, SELinux Operations
- setuid operation, Examining a Sample Policy, SELinux Operations
- Seuserx tool, Supplementary SELinux tools, Policy Management Tools, Seuserx
- shadow_t type, SELinux General Types
- share operation, SELinux Operations
- shared library in SELinux, The SELinux Shared Library
- shell_exec_t type, SELinux General Types
- shlib_t type, SELinux General Types
- shm (object security class), Subjects and Objects, Security Object Classes
- shm (pseudofilesystem with shared memory object), Syntax of Filesystem Labeling Declarations
- show_bools command, Tuning via policy Booleans
- shutdown operation, SELinux Operations
- Sid (Debian GNU/Linux 3.0 unstable), Debian GNU/Linux, Debian GNU/Linux
- SIDs (security identifiers), Security Contexts
- flask/initial_sids file, The flask/initial_sids file
- sid_to_context operation, SELinux Operations
- sigchld operation, SELinux Operations
- siginh operation, SELinux Operations
- sigkill operation, SELinux Operations
- signal operation, SELinux Operations
- signal_perms macro, SELinux Macros Defined in src/policy/macros
- signull operation, SELinux Operations
- sigstop operation, SELinux Operations
- single_userdomain macro, Tuning via macros
- Smalley, Stephen, References, The SELinux policy compiler (checkpolicy)
- snapshots of current processes, Viewing a process security context
- Snort intrusion detection application, files associated with, Anatomy of a Simple SELinux Policy Domain, Macro invocations
- snort.fc file, The snort.fc File
- snort.te file, The snort.te File
- socket (object security class), Subjects and Objects, Security Object Classes
- socket_class_set macro, Transition Declarations, SELinux Macros Defined in src/policy/macros
- socket_type type attribute, SELinux Type Attributes
- sockfs (pseudofilesystem with socket), Syntax of Filesystem Labeling Declarations
- sock_file (object security class), Subjects and Objects, Security Object Classes
- software complexity, contributing to software threats, Software complexity
- software threats and the Internet, Software Threats and the Internet, Mandatory access control
- sound_device_t type, SELinux General Types
- source files for SELinux, The SELinux Security Policy, The SELinux Security Policy
- checkpolicy command and, The SELinux policy compiler (checkpolicy), Two Forms of an SELinux Policy
- SPEC file, The Policy Source Directory
- special notations for types/classes/permissions, Special notations for types, classes, and permissions, Special notations for types, classes, and permissions
- special tokens in regular expressions, The file_contexts Subdirectory
- src_t type, SELinux General Types
- ssh program, Modified Linux commands and programs
- SSHd program, troubleshooting, Daemon Problems
- sshd_t domain, Transition Decisions
- ssh_sysadm_login macro, Tuning via macros
- stack canaries, Memory protection
- stacks, nonexecutable, Memory protection
- staff_r role, Entering a Role, Customizing Roles
- authorizing users to access domain, Test and Revise the TE and FC Files as Needed
- limiting permissions available to users, Allowing a User Access to an Existing Domain
- staff_read_sysadm_file macro, Tuning via macros
- startx domain (domains/misc subdirectory), The domains Subdirectory
- status information, viewing with sestatus command, Setting Booleans via the /selinux filesystem
- stat_file_perms macro, SELinux Macros Defined in src/policy/macros
- stream_socket_class_set macro, Transition Declarations, SELinux Macros Defined in src/policy/macros
- subjects, Subjects and Objects, Subjects and Objects
- subtraction (special notation), Special notations for types, classes, and permissions
- SUSE Linux, SELinux History
- installing SELinux using RPM packages, SUSE Linux
- swapfile_t type, SELinux General Types
- swapon operation, SELinux Operations
- switching SELinux modes, Switching Modes, Disabling SELinux at boot time
- troubleshooting program execution programs, Program Execution Problems
- syntax diagrams, What Railroad Diagrams Do, How Railroad Diagrams Work
- sysadmfile type attribute, SELinux Type Attributes
- sysadm_r role, Entering a Role
- changing user_r role to, Associating a user with a nondefault role
- customizing, Customizing Roles
- transitioning to, Adding a System Administrator
- sysctl_dev_t type, SELinux General Types
- sysctl_fs_t type, SELinux General Types
- sysctl_hotplug_t type, SELinux General Types
- sysctl_irq_t type, SELinux General Types
- sysctl_kernel_t type, SELinux General Types
- sysctl_kernel_writer type attribute, SELinux Type Attributes
- sysctl_modprobe_t type, SELinux General Types
- sysctl_net_t type, SELinux General Types
- sysctl_net_unix_t type, SELinux General Types
- sysctl_net_writer type attribute, SELinux Type Attributes
- sysctl_rpc_t type, SELinux General Types
- sysctl_t type, SELinux General Types
- sysctl_type type attribute, SELinux Type Attributes
- sysctl_vm_t type, SELinux General Types
- sysfs_t type, SELinux General Types
- syslogd domain definition, Type Declarations
- syslogd_t type, Type Declarations
- syslog_console operation, SELinux Operations
- syslog_mod operation, SELinux Operations
- syslog_read operation, SELinux Operations
- system (object security class), Subjects and Objects, Security Object Classes
- system administrators, adding, Adding a System Administrator
- system_domain macro, SELinux Macros Defined in src/policy/macros
- system_map_t type, SELinux General Types
- system_r role, Entering a Role, Customizing Roles
- sys_admin operation, SELinux Operations
- sys_boot operation, SELinux Operations
- sys_chroot operation, SELinux Operations
- sys_module operation, SELinux Operations
- sys_nice operation, SELinux Operations
- sys_pacct operation, SELinux Operations
- sys_ptrace operation, SELinux Operations
- sys_rawio operation, SELinux Operations
- sys_resource operation, SELinux Operations
- sys_time operation, SELinux Operations
- sys_tty_config operation, SELinux Operations
T
- tape_device_t type, SELinux General Types
- targets (operations) supported by Makefile, The SELinux Makefile, Using the SELinux Makefile
- tcp_recv operation, SELinux Operations
- tcp_send operation, SELinux Operations
- tcp_socket (object security class), Subjects and Objects, Security Object Classes
- tcp_socket_t type, SELinux General Types
- TCSEC (Trusted Computer System Evaluation Criteria), SELinux History
- TE (type enforcement) declarations, Type-Enforcement Declarations, Conditional Declarations
- te_rbac policy element, SELinux Policy Syntax
- TE (type enforcement) files, The SELinux Security Policy
- avoiding modification of existing files, Using Audit2allow
- creating, Create a Basic TE File, Using Audit2allow
- manual installation by system administrators, The domains Subdirectory
- role type declarations and, Role Type Declarations
- testing/revising, Test and Revise the TE and FC Files as Needed, Test and Revise the TE and FC Files as Needed
- troubleshooting, Setting the initial operating mode
- understanding how SELinux policy operates, Anatomy of a Simple SELinux Policy Domain, Macro invocations
- TE (type enforcement) model, How SELinux Works, The SELinux Type-Enforcement Model
- TE access-vector declarations (te_avtab_def), TE Access-Vector Declarations, Macros that specify and authorize transitions
- TE Rules tab (Apol window), Policy rules
- Test Policy tab (Sepcut window), Sepcut
- test_file_t type, SELinux General Types
- tetex_data_t type, SELinux General Types
- te_rbac policy element, SELinux Policy Syntax, Review of SELinux Policy Syntax
- TE and RBAC declarations, SELinux Policy Syntax
- Thompson, Kerry, Web and FTP Sites
- threats to the Internet, Software Threats and the Internet, Mandatory access control
- active content contributing to, Active content and mobile code
- mobile code contributing to, Active content and mobile code
- network connectivity contributing to, Network connectivity
- software complexity contributing to, Software complexity
- tmp subdirectory, Two Forms of an SELinux Policy, The SELinux Policy Source Tree
- tmpfile type attribute, SELinux Type Attributes
- tmpfs (pseudofilesystem with memory-resident filesystem), Syntax of Filesystem Labeling Declarations
- tmpfsfile type attribute, SELinux Type Attributes
- tmpfs_domain macro, SELinux Macros Defined in src/policy/macros
- tmpfs_t type, SELinux General Types
- tmp_domain macro, SELinux Macros Defined in src/policy/macros
- tmp_t type, SELinux General Types
- tokens in regular expressions, The file_contexts Subdirectory
- tools in SELinux, SELinux Tools
- traceroute command, controlling access to, Boolean Declarations
- traceroute_t domain, Adding Permissions
- authorizing access
- to entire domain, Allowing a User Access to an Existing Domain
- to pseudoterminals, Test and Revise the TE and FC Files as Needed
- using macros, Test and Revise the TE and FC Files as Needed
- examining FC file for, Adding Permissions
- transient objects, Transient and Persistent Objects
- transition decisions, Access Decisions, Transition Decisions, Transition Decisions
- transition declarations (transition_def), Transition Declarations
- transition operation, SELinux Operations
- transitioning to new domains, How SELinux Works, Examining a Sample Policy
- transitions
- authorizing, with access-vector rules, Macros that specify and authorize transitions
- between roles, governed by allow statements, The SELinux Role-Based Access Control Model, Role Allow Declarations
- specifying, with type-transition rules, Macros that specify and authorize transitions
- transition_sid operation, SELinux Operations
- transitive information flow analysis, Analysis
- Tresys Technology
- Apol tool, Apol, Analysis
- policy management tools, Policy Management Tools, Seuserx
- Seaudit tool, Seaudit
- Sepcut tool, Sepcut
- Seuserx tool, Seuserx
- tools provided by, Supplementary SELinux tools
- troubleshooting SELinux, Troubleshooting SELinux, X Problems
- boot problems, Setting the initial operating mode, Boot Problems
- daemon problems, Daemon Problems
- local login problems, Local Login Problems
- program execution problems, Program Execution Problems
- X problems, X Problems
- Trusted Computer System Evaluation Criteria (TCSEC), SELinux History
- TrustedBSD, SELinux Components and Linux Security Modules (LSM)
- ttyfile type attribute, Examining a Sample Policy, SELinux Type Attributes
- tty_device_t type, SELinux General Types
- tunable.te file, The Policy Source Directory, The SELinux Policy Source Tree
- enabling/disabling direct_sysadm_daemon macro, Adding a System Administrator
- enabling/disabling user_canbe_sysadm macro, Adding an Ordinary User
- macros defined in, Tuning via macros, Tuning via macros
- tuning
- Fedora Core 2 SELinux, Tuning Fedora Core 2 SELinux, Setting Booleans via the /selinux filesystem
- via macros, Tuning via macros, Tuning via macros
- via policy Booleans, Tuning via policy Booleans
- tun_tap_device_t type, SELinux General Types
- type attributes
- creating/modifying, Type Declarations, Examining a Sample Policy
- in Fedora Core 2 SELinux, Attribute Declarations, SELinux Type Attributes, SELinux Type Attributes
- type declarations (type_def), Type Declarations
- type enforcement (TE) declarations, Type-Enforcement Declarations, Conditional Declarations
- te_rbac policy element, SELinux Policy Syntax
- type enforcement (TE) model, How SELinux Works, The SELinux Type-Enforcement Model
- type enforcement files (see TE (type enforcement) files)
- type line in snort.te file, The type line
- type tokens in regular expressions, The file_contexts Subdirectory
- type transitions, Transition Decisions
- authorizing automatic, Test and Revise the TE and FC Files as Needed
- rules for specifying transitions, Macros that specify and authorize transitions
- syntax of, Transition Declarations
- type-alias declarations (typealias_def), Type-Alias Declarations
- types in SELinux, Security Contexts, SELinux General Types, SELinux General Types
- device-related, SELinux General Types
- file-related, SELinux General Types, SELinux General Types
- networking, SELinux General Types
- /proc-related, SELinux General Types
- types subdirectory, Two Forms of an SELinux Policy, The SELinux Policy Source Tree
- files in, The types Subdirectory
- Types tab (Apol window), Policy components
- types, special notations for, Special notations for types, classes, and permissions, Special notations for types, classes, and permissions
- types.fc file, The file_contexts Subdirectory, The SELinux Policy Source Tree
U
- udev_runtime_t type, SELinux General Types
- udp_recv operation, SELinux Operations
- udp_send operation, SELinux Operations
- udp_socket (object security class), Subjects and Objects, Security Object Classes
- UML (User-Mode Linux) and SELinux, SELinux Components and Linux Security Modules (LSM)
- unconfined_domain macro, SELinux Macros Defined in src/policy/macros
- Unix stream sockets, creating, Examining a Sample Policy
- unix_dgram_socket (object security class), Subjects and Objects, Security Object Classes
- unix_read operation, SELinux Operations
- unix_stream_socket (object security class), Subjects and Objects, Security Object Classes
- unix_write operation, SELinux Operations
- unlabeled_t type, SELinux General Types
- unlimitedServices macro, Tuning via macros
- unlimitedUsers macro, Tuning via macros
- unlink operation, SELinux Operations
- unmount operation, SELinux Operations
- unpriv_socket_class_set macro, Transition Declarations, SELinux Macros Defined in src/policy/macros
- unpriv_userdomain type attribute, SELinux Type Attributes
- unrestricted_admin macro, Tuning via macros
- unsupported platforms, installing SELinux on, Installing from Source
- Update Policy button (Seuserx window), Seuserx
- uppercase vs. lowercase identifiers, Basic Policy Elements
- urandom_device_t type, SELinux General Types
- usbdevfs_t type, SELinux General Types
- usbfs_t type, SELinux General Types
- use operation, SELinux Operations
- user account databases, keeping Linux separate from SELinux, Security Contexts
- user accounts, adding, Adding Users, Setting user passwords, Adding an Ordinary User
- user declarations, syntax of, User Declarations
- user identities in SELinux, Security Contexts
- adding ordinary users, Adding an Ordinary User
- adding system administrators, Adding a System Administrator
- constraint declarations and, Constraint Declarations
- user passwords, setting, Setting user passwords
- user security context, viewing, Viewing the user security context
- user statements, assigning roles to users, The SELinux Role-Based Access Control Model
- User-Mode Linux (UML) and SELinux, SELinux Components and Linux Security Modules (LSM)
- user.te file, The domains Subdirectory, The SELinux Policy Source Tree
- useradd command, Adding Users
- usercanread type attribute, SELinux Type Attributes
- userdomain type attribute, SELinux Type Attributes
- userpty_type type attribute, SELinux Type Attributes
- users file, The Policy Source Directory, The SELinux Policy Source Tree
- creating user identities, Creating an SELinux User
- defining roles and associating with users, Customizing Roles
- users policy element, SELinux Policy Syntax, Review of SELinux Policy Syntax
- Users tab (Apol window), Policy components
- user_application_domain macro, SELinux Macros Defined in src/policy/macros
- user_canbe_sysadm macro, Tuning via macros, User Declarations, Adding an Ordinary User
- user_can_mount macro, Tuning via macros
- user_crond_domain type attribute, SELinux Type Attributes
- user_domain macro, SELinux Macros Defined in src/policy/macros
- user_home_dir_t security context, Adding Users
- user_home_dir_type type attribute, SELinux Type Attributes
- user_home_type type attribute, SELinux Type Attributes
- user_macros.te file, The macros Subdirectory, Examining a Sample Policy, The SELinux Policy Source Tree
- user_mail_domain type attribute, SELinux Type Attributes
- user_mini_domain type attribute, SELinux Type Attributes
- user_net_control macro, Tuning via macros
- user_ping Boolean, Tuning via policy Booleans
- user_ping Boolean declaration, Boolean Declarations, Conditional Declarations
- user_r role, Entering a Role, Customizing Roles
- changing to sysadm_r role, Associating a user with a nondefault role
- user_rw_noexattrfile macro, Tuning via macros
- user_tmpfile type attribute, SELinux Type Attributes
- uses_authbind macro, SELinux Macros Defined in src/policy/macros
- uses_shlib macro, Examining a Sample Policy, SELinux Macros Defined in src/policy/macros
- use_games macro, Tuning via macros
- usr_t type, SELinux General Types
V
- v4l_device_t type, SELinux General Types
- var_lib_domain macro, SELinux Macros Defined in src/policy/macros
- var_lib_nfs_t type, SELinux General Types
- var_lib_t type, SELinux General Types
- var_lock_t type, SELinux General Types
- var_log_ksyms_t type, SELinux General Types
- var_log_t type, SELinux General Types
- var_run_domain macro, SELinux Macros Defined in src/policy/macros
- var_run_t type, SELinux General Types
- var_spool_t type, SELinux General Types
- var_t type, SELinux General Types
- var_yp_t type, SELinux General Types
- VERSION file, The Policy Source Directory
- versions of SELinux, SELinux Versions
- View/Change button (Seuserx window), Seuserx
- virtual filesystems, Dynamically setting the operating mode
- virtual machines and User-Mode Linux (UML), SELinux Components and Linux Security Modules (LSM)
- vixie-cron package, Installing SELinux to an existing Gentoo Linux system
- vi_t domain, Transition Decisions
- Vogt, Tom, SUSE Linux
- vulnerabilities, 0-day, The Patch Cycle and the 0-Day Problem, Protecting Against 0-Days
W
- Walsh, Dan, Red Hat Enterprise Linux
- web sites for SELinux, Web and FTP Sites
- Weber, Michael, Memory protection
- web_client_domain type attribute, SELinux Type Attributes
- wget command, Installing SELinux to a fresh Gentoo system
- Wiki, SELinux, SUSE Linux
- Wirth, Niklaus, Railroad Diagrams
- Woody (Debian GNU/Linux 3.0 stable), Debian GNU/Linux
- write operation, SELinux Operations
- writehome macro, Tuning via macros
- wtmp_t type, SELinux General Types