Index

Symbols

! (logical negation), used in conditional expressions, Conditional Declarations
!= (logical inequality), used in conditional expressions, Conditional Declarations
&& (logical AND), used in conditional expressions, Conditional Declarations
* (asterisk), special notation for specifying types/classes/permissions, Special notations for types, classes, and permissions
- (minus sign), special notation for specifying types/classes/permissions, Special notations for types, classes, and permissions
0-day vulnerabilities and patch cycles, The Patch Cycle and the 0-Day Problem, Protecting Against 0-Days
<Emphasis>Malicious Mobile Code<Default Para Font>, Active content and mobile code
== (logical equality), used in conditional expressions, Conditional Declarations
^ (logical exclusive OR), used in conditional expressions, Conditional Declarations
|| (logical OR), used in conditional expressions, Conditional Declarations
~ (tilde), special notation for specifying types/classes/permissions, Special notations for types, classes, and permissions

A

accept operation, SELinux Operations
acceptfrom operation, SELinux Operations
access controls, discretionary/mandatory, Discretionary and Mandatory Access Control
access decisions, Access Decisions, Access Decisions
access vector cache (AVC), Access Decisions
access vectors, Access Decisions
TE access-vector declarations, TE Access-Vector Declarations, Macros that specify and authorize transitions
access-control lists (ACLs), protecting memory with, Access-control lists
access-vector rules
authorizing transitions with, Macros that specify and authorize transitions
restrictions imposed on, by constraint declarations, Constraint Declarations
syntax of, TE Access-Vector Declarations
access_vectors file in flask subdirectory, The flask/access_vectors file, Syntax of access_vectors
access_vectors policy element, SELinux Policy Syntax, Review of SELinux Policy Syntax
ACLs (access-control lists), protecting memory with, Access-control lists
actions performed by subjects, Subjects and Objects
active content, contributing to software threats, Active content and mobile code
Add button (Seuserx window), Seuserx
adding user accounts, Adding Users, Setting user passwords, Adding an Ordinary User
Address Space Layout Randomization (ASLR), SELinux History
adduser command, Installing SELinux to a fresh Gentoo system
add_name operation, SELinux Operations
admin type attribute, SELinux Type Attributes
admin.te file, The domains Subdirectory, The SELinux Policy Source Tree
admin_domain macro, SELinux Macros Defined in src/policy/macros
admin_macros.te file, The macros Subdirectory, The SELinux Policy Source Tree
Advanced button (Seuserx window), Seuserx
agp_device_t type, SELinux General Types
aliases for type names, defining with type declarations, Type Declarations, Type-Alias Declarations
allow access vector, Access Decisions, TE Access-Vector Declarations
conditional declarations and, Conditional Declarations, Allowing a User Access to an Existing Domain
sample declaration, TE Access-Vector Declarations
allow lines in snort.te file, The allow lines
allow statements, governing role transitions, The SELinux Role-Based Access Control Model, Role Allow Declarations
allow_user_direct_mouse macro, Tuning via macros
allow_user_dmesg macro, Tuning via macros
allow_user_tcp_server macro, Tuning via macros
allow_xserver_home_fonts macro, Tuning via macros
allow_ypbind macro, Tuning via macros
alternatives to SELinux, SELinux Components and Linux Security Modules (LSM)
Analysis tab (Apol window), Apol, Analysis, Analysis
any_socket_t type, SELinux General Types
Apache OpenSSL attack, Privilege Escalation, Applications of SELinux
apm_bios_t type, SELinux General Types
Apol tool, Supplementary SELinux tools, Apol, Analysis
appconfig subdirectory, Two Forms of an SELinux Policy, The SELinux Policy Source Tree
files in, The appconfig Subdirectory
append directive, Setting the initial operating mode
append operation, SELinux Operations
append_logdir_domain macro, SELinux Macros Defined in src/policy/macros
append_log_domain macro, SELinux Macros Defined in src/policy/macros
applications of SELinux, Applications of SELinux
application_domain macro, SELinux Macros Defined in src/policy/macros
apt-get command, Debian GNU/Linux
architecture of SELinux, SELinux Architecture, References
ASLR (Address Space Layout Randomization), SELinux History
assert.te file, The Policy Source Directory, The SELinux Policy Source Tree
associate operation, SELinux Operations
attrib.te file, The Policy Source Directory, The SELinux Policy Source Tree
type attributes defined in, Attribute Declarations
attribute declarations (attribute_def), Attribute Declarations
at_spool_t type, SELinux General Types
audit trails, monitoring attacks with, Logging and auditing
Audit2allow utility, The Audit2allow Utility, Using Audit2allow, Using Audit2allow
auditallow access vector, Access Decisions, TE Access-Vector Declarations
conditional declarations and, Conditional Declarations
sample declaration, TE Access-Vector Declarations
auditdeny access vector, TE Access-Vector Declarations
conditional declarations and, Conditional Declarations
sample declaration, TE Access-Vector Declarations
auth type attribute, SELinux Type Attributes
auth-net domain (domains/misc subdirectory), The domains Subdirectory
auth_chkpwd type attribute, SELinux Type Attributes
auth_write type attribute, SELinux Type Attributes
AVC (access vector cache), Access Decisions
avc_enforcing command, SELinux commands, Dynamically setting the operating mode
avc_toggle command, SELinux commands, Dynamically setting the operating mode, SELinux Operations
av_permissions.h file, The flask/access_vectors file

B

base_file_read_access macro, SELinux Macros Defined in src/policy/macros
base_pty_perms macro, SELinux Macros Defined in src/policy/macros
base_user_domain macro, SELinux Macros Defined in src/policy/macros
base_user_macros.te file, The macros Subdirectory, The SELinux Policy Source Tree
bdev_t type, SELinux General Types
bdflush operation, SELinux Operations
Bell, David, SELinux History
binary policy files, creating with checkpolicy command, The SELinux policy compiler (checkpolicy), Two Forms of an SELinux Policy
bind operation, SELinux Operations
bin_t type, SELinux General Types
blk_file (object security class), Subjects and Objects, Security Object Classes
Boolean declarations (bool_def), Boolean Declarations
Booleans
setting via SELinux filesystem, Setting Booleans via the /selinux filesystem
tuning SELinux via, Tuning via policy Booleans
Booleans tab (Apol window), Policy components
boot parameters and setting initial operating mode, Setting the initial operating mode
boot problems, troubleshooting, Boot Problems
boot time, disabling SELinux at, Disabling SELinux at boot time
boot_runtime_t type, SELinux General Types
boot_t type, SELinux General Types
Browse Policy tab (Sepcut window), Sepcut
buffer overflow attacks, detecting with stack canaries, Memory protection

C

cache of log entries in SELinux, SELinux Logging Subtleties
can_create_other_pty macro, SELinux Macros Defined in src/policy/macros
can_create_pty macro, SELinux Macros Defined in src/policy/macros
can_exec macro, SELinux Macros Defined in src/policy/macros
can_exec_any macro, SELinux Macros Defined in src/policy/macros
can_getcon macro, SELinux Macros Defined in src/policy/macros
can_getsecurity macro, SELinux Macros Defined in src/policy/macros
can_loadpol macro, SELinux Macros Defined in src/policy/macros
can_network macro, Macro invocations, Examining a Sample Policy, SELinux Macros Defined in src/policy/macros
Audit2allow utility and, Using Audit2allow
can_ps macro, SELinux Macros Defined in src/policy/macros
can_ptrace macro, SELinux Macros Defined in src/policy/macros
can_setbool macro, SELinux Macros Defined in src/policy/macros
can_setenforce macro, SELinux Macros Defined in src/policy/macros
can_setexec macro, SELinux Macros Defined in src/policy/macros
can_setfscreate macro, SELinux Macros Defined in src/policy/macros
can_sysctl macro, SELinux Macros Defined in src/policy/macros
can_tcp_connect macro, SELinux Macros Defined in src/policy/macros
can_udp_send macro, SELinux Macros Defined in src/policy/macros
can_unix_connect macro, SELinux Macros Defined in src/policy/macros
can_unix_send macro, SELinux Macros Defined in src/policy/macros
can_ypbind macro, Examining a Sample Policy
capability (object security class), Subjects and Objects, Security Object Classes
catman_t type, SELinux General Types
CERT/CC (Computer Emergency Response Team Coordination Center), Software Threats and the Internet
ChangeLog file, The Policy Source Directory
change_bool command, Tuning via policy Booleans
change_sid operation, SELinux Operations
chcon utility, SELinux commands
labeling/relabeling filesystems, The chcon utility
checkpolicy command, SELinux commands, The SELinux policy compiler (checkpolicy), Two Forms of an SELinux Policy
check_context operation, SELinux Operations
chfn operation, SELinux Operations
child and parent processes, Transition Decisions, The SELinux Type-Enforcement Model
chmod command, Access-control lists
chown operation, SELinux Operations
chroot command, Sandboxes
chr_file (object security class), Subjects and Objects, Security Object Classes
chsh operation, SELinux Operations
cifs_t type, SELinux General Types
class name M4 macros, Transition Declarations
classes of objects, Subjects and Objects, Security Object Classes
classes policy element, SELinux Policy Syntax, Review of SELinux Policy Syntax
classes, special notations for, Special notations for types, classes, and permissions, Special notations for types, classes, and permissions
Classes/Perms tab (Apol window), Policy components
clean Makefile target, Using the SELinux Makefile
clock_device_t type, SELinux General Types
Coker, Russell, SELinux History, Debian GNU/Linux
comments, prefixing with dnl (do not list), Tuning via macros, User Declarations, Adding an Ordinary User
common declaration, Syntax of access_vectors
complementation (special notation), Special notations for types, classes, and permissions
Computer Emergency Response Team Coordination Center (CERT/CC), Software Threats and the Internet
compute_av operation, SELinux Operations
compute_create operation, SELinux Operations
compute_member operation, SELinux Operations
compute_relabel operation, SELinux Operations
compute_user operation, SELinux Operations
conditional declarations (cond_stmt_def), Conditional Declarations, Conditional Declarations
Conditional Expressions tab (Apol window), Policy rules
connect operation, SELinux Operations
connectto operation, SELinux Operations
console_device_t type, SELinux General Types
constraint declarations, Constraint Declarations, Constraint Declarations
special tokens used in, Constraint Declarations
constraints file, The Policy Source Directory, The SELinux Policy Source Tree
constraint declarations in, Constraint Declarations
constraints policy element, SELinux Policy Syntax, Review of SELinux Policy Syntax
context tokens in regular expressions, The file_contexts Subdirectory
context-related declarations, Other Context-Related Declarations, Nodecon declarations
syntax of
filesystem labeling declarations, Syntax of Filesystem Labeling Declarations
genfs declarations, Syntax of Genfs Declarations
initial SID context declarations, Other Context-Related Declarations
network declarations, Syntax of Network Declarations, Nodecon declarations
context_to_sid operation, SELinux Operations
COPYING file, The Policy Source Directory
core_macros.te file, The macros Subdirectory, Special notations for types, classes, and permissions, The SELinux Policy Source Tree
class name M4 macros, Transition Declarations
Cowan, Crispin, Memory protection
cp command, Modified Linux commands and programs
cpu_device_t type, SELinux General Types
create operation, SELinux Operations
create_append_log_file macro, SELinux Macros Defined in src/policy/macros
create_dir_file macro, SELinux Macros Defined in src/policy/macros
create_dir_notdevfile macro, SELinux Macros Defined in src/policy/macros
create_dir_perms macro, SELinux Macros Defined in src/policy/macros
create_file_perms macro, SELinux Macros Defined in src/policy/macros
create_msgq_perms macro, SELinux Macros Defined in src/policy/macros
create_sem_perms macro, SELinux Macros Defined in src/policy/macros
create_shm_perms macro, SELinux Macros Defined in src/policy/macros
create_socket_perms macro, SELinux Macros Defined in src/policy/macros
create_stream_socket_perms macro, SELinux Macros Defined in src/policy/macros
cron program, Modified Linux commands and programs
troubleshooting, Daemon Problems
cron_spool_t type, SELinux General Types
customizing roles, Customizing Roles
cybercriminals, Active content and mobile code
Cyrus IMAP daemon, role used by, Customizing Roles
cyrus_r role, Customizing Roles

D

DAC (discretionary access control), Discretionary and Mandatory Access Control
vs. SELinux MAC, Subjects and Objects
dac_override operation, SELinux Operations
dac_read_search operation, SELinux Operations
daemons
starting with run_con command, Starting non-init daemons and programs
starting/controlling, Starting and Controlling Daemons
troubleshooting problems with, Daemon Problems
daemon_base_domain macro, SELinux Macros Defined in src/policy/macros
daemon_core_rules macro, SELinux Macros Defined in src/policy/macros
daemon_domain macro, SELinux Macros Defined in src/policy/macros
daemon_sub_domain macro, SELinux Macros Defined in src/policy/macros
date command, Installing SELinux to a fresh Gentoo system
dbus_client_domain type attribute, SELinux Type Attributes
Debian GNU/Linux
demonstration system, SELinux History
installing SELinux on, Debian GNU/Linux, Debian GNU/Linux
Debian Sid, Debian GNU/Linux, Debian GNU/Linux
Debian Woody, Debian GNU/Linux
decisions made by SELinux security servers, Access Decisions, Transition Decisions
default roles, assigning, How default roles are assigned
default_contexts file, How default roles are assigned, The appconfig Subdirectory
default_context_t type, SELinux General Types
default_t type, SELinux General Types
default_type file, The appconfig Subdirectory
defense by layers principle, Protecting Against 0-Days
defenses
for hosts, Network and Host Defenses, Access-control lists
for networks, Network and Host Defenses
Delete button (Seuserx window), Seuserx
demo systems for SELinux, SELinux History
denial-of-service attacks, Privilege Escalation
destroy operation, SELinux Operations
detecting intrusions, Network intrusion detection and prevention systems
devfile_class_set macro, Transition Declarations, SELinux Macros Defined in src/policy/macros
devfs_control_t type, SELinux General Types
device-related types, SELinux General Types
device.te file, The types Subdirectory
device_t type, SELinux General Types
device_type type attribute, SELinux Type Attributes
devlog_t type, Type Declarations
devpts (pseudoterminal filesystem), Syntax of Filesystem Labeling Declarations
devpts.te file, The types Subdirectory
devtty_t type, SELinux General Types
dgram_socket_class_set macro, Transition Declarations, SELinux Macros Defined in src/policy/macros
dir (object security class), Subjects and Objects, Security Object Classes
direct information flow analysis, Analysis
directory tree for SELinux policy, Two Forms of an SELinux Policy, Two Forms of an SELinux Policy, The SELinux Policy Source Tree
direct_sysadm_daemon macro, Tuning via macros, User Declarations, Adding a System Administrator
dir_file_class_set macro, Transition Declarations, SELinux Macros Defined in src/policy/macros
disabling SELinux at boot time, Disabling SELinux at boot time
discretionary access control (DAC), Discretionary and Mandatory Access Control
vs. SELinux MAC, Subjects and Objects
dmesg command, SELinux Logging Subtleties
dnl (do not list) prefix for comments, Tuning via macros, User Declarations, Adding an Ordinary User
domain entry points, The SELinux Type-Enforcement Model
domain transition analysis, Analysis
domain transitions, Transition Decisions
domain type attribute, SELinux Type Attributes
domains
allowing access to existing domains, Allowing a User Access to an Existing Domain
creating new, Creating a New Domain, Test and Revise the TE and FC Files as Needed
entering, using role statement, The SELinux Role-Based Access Control Model
protecting memory with, Sandboxes
role type declarations and, Role Type Declarations
security attributes, Security Contexts
transitioning to, How SELinux Works, Examining a Sample Policy
what files are related, Determine What Files Are Related to the Domain
domains subdirectory, Two Forms of an SELinux Policy, The SELinux Policy Source Tree
files/subdirectories in, The domains Subdirectory
domain_auto_trans macro, Macros that specify and authorize transitions, Examining a Sample Policy, SELinux Macros Defined in src/policy/macros
Audit2allow utility and, Using Audit2allow
creating new domain, Test and Revise the TE and FC Files as Needed
domain_trans macro, Macros that specify and authorize transitions, SELinux Macros Defined in src/policy/macros
dontaudit access vector, Access Decisions, TE Access-Vector Declarations
conditional declarations and, Conditional Declarations
sample declaration, TE Access-Vector Declarations
dosfs_t type, SELinux General Types
dri_device_t type, SELinux General Types
Dwerryhouse, Paul, SUSE Linux

E

enforce_dest operation, SELinux Operations
enforcing mode, System Modes and SELinux Tuning
booting system into, Setting the initial operating mode
curtailing unnecessary logging, SELinux Logging Subtleties
dynamically setting operating mode, Dynamically setting the operating mode
enqueue operation, SELinux Operations
entrypoint operation, SELinux Operations
escalating privileges, Privilege Escalation
/etc/init.d directory, Starting and Controlling Daemons
/etc/passwd program, Modified Linux commands and programs
setting user passwords, Setting user passwords
/etc/shadow program, Modified Linux commands and programs
setting user passwords, Setting user passwords
etcdir_domain macro, SELinux Macros Defined in src/policy/macros
etc_aliases_t type, SELinux General Types
etc_domain macro, SELinux Macros Defined in src/policy/macros
etc_runtime_t type, SELinux General Types
etc_t type, SELinux General Types
etc_writer type attribute, SELinux Type Attributes
eventpollfs_t type, SELinux General Types
event_device_t type, SELinux General Types
execute operation, SELinux Operations
execute_no_trans operation, SELinux Operations
exec_type type attribute, SELinux Type Attributes
ext2/ext3 (Linux Ext2/Ext3 filesystems), Syntax of Filesystem Labeling Declarations

F

faillog_t type, SELinux General Types
failsafe_context file, The appconfig Subdirectory
FC (file context) files, The SELinux Security Policy
adding permissions to, Adding Permissions
creating, Create a Basic FC File
deleting conflicting specifications, Delete Conflicting Specifications from Other FC Files
manual installation by system administrators, The domains Subdirectory
testing/revising, Test and Revise the TE and FC Files as Needed, Test and Revise the TE and FC Files as Needed
understanding how SELinux policy operates, Anatomy of a Simple SELinux Policy Domain, The type line
fcron domain (domains/misc subdirectory), The domains Subdirectory
fd (object security class), Subjects and Objects, Security Object Classes
fdisk command, Installing SELinux to a fresh Gentoo system
features of SELinux, SELinux Features, SELinux Components and Linux Security Modules (LSM)
Fedora Core, SELinux History
demonstration system, SELinux History
Fedora Core 2
automatic transition to sysadm_r role, Using the Makefile to label or relabel filesystems
Boolean declarations, Boolean Declarations
policy elements and associated files in, SELinux Policy Syntax
role transition allowed for system administrators, Starting and Controlling Daemons, Role Transition Declarations
sestatus command, Setting Booleans via the /selinux filesystem
supporting SELinux, Linux Distributions Supporting SELinux, Fedora Core 2
tuning SELinux, Tuning Fedora Core 2 SELinux, Setting Booleans via the /selinux filesystem
via macros, Tuning via macros, Tuning via macros
via policy Booleans, Tuning via policy Booleans
type attributes in SELinux, Attribute Declarations, SELinux Type Attributes, SELinux Type Attributes
fifo_file (object security class), Subjects and Objects, Security Object Classes
file (object security class), Subjects and Objects, Security Object Classes
file context database, Transient and Persistent Objects
file context files files) (see FC (file context)
file creation and transition decisions, Transition Decisions
file labeling, Transient and Persistent Objects
file labels
boot problems and relabeling filesystems, Boot Problems
repairing, using restorecon utility, Setting user passwords
file security context, viewing, Viewing a file security context
file-related types, SELinux General Types, SELinux General Types
file-type transitions, Transition Decisions
file.te file, The types Subdirectory
filesystem (object security class), Subjects and Objects, Security Object Classes
filesystem labeling declarations, Syntax of Filesystem Labeling Declarations
file_class_set macro, Transition Declarations, SELinux Macros Defined in src/policy/macros
file_contexts file, The file_contexts Subdirectory
file_contexts subdirectory, Two Forms of an SELinux Policy
files/subdirectories in, The file_contexts Subdirectory, The file_contexts Subdirectory
file_labels_t type, SELinux General Types
file_t type, SELinux General Types
file_type type attribute, SELinux Type Attributes
file_type_auto_trans macro, Macros that specify and authorize transitions, SELinux Macros Defined in src/policy/macros
file_type_trans macro, Macros that specify and authorize transitions, SELinux Macros Defined in src/policy/macros
firewalls
for hosts, Host firewalls and intrusion detection systems
for networks, Network firewalls
Firewalls screen of Fedora Core 2, Fedora Core 2
fixed memory assignments, preventing attacks based on, Memory protection
fixed_disk_device_t type, SELinux General Types
fixfiles utility
labeling/relabeling filesystems, The fixfiles utility
relabeling problem scripts with, Daemon Problems
troubleshooting login problems with, Local Login Problems
flask subdirectory, Two Forms of an SELinux Policy, The SELinux Policy Source Tree
files in, The flask Subdirectory
flask-related declarations, Flask-Related Declarations, Syntax of access_vectors
syntax of
access_vectors file, Syntax of access_vectors, Syntax of access_vectors
initial_sids file, Syntax of initial_sids
security_classes file, Syntax of security_classes
fonts_t type, SELinux General Types
fork operation, SELinux Operations
forward domain analysis, Analysis
fowner operation, SELinux Operations
framebuf_device_t type, SELinux General Types
fsetid operation, SELinux Operations
fs_domain type attribute, SELinux Type Attributes
fs_t type, SELinux General Types
fs_type type attribute, SELinux Type Attributes
fs_use file, The Policy Source Directory, The SELinux Policy Source Tree
fs_use policy element, SELinux Policy Syntax, Review of SELinux Policy Syntax
fs_use_task declaration, Syntax of Filesystem Labeling Declarations
fs_use_trans declaration, Syntax of Filesystem Labeling Declarations
fs_use_xattr declaration, Syntax of Filesystem Labeling Declarations
FTP sites for SELinux, Web and FTP Sites
ftpd_is_daemon macro, Tuning via macros
ftp_home_dir macro, Tuning via macros
full_user_role macro, SELinux Macros Defined in src/policy/macros
futexfs_t type, SELinux General Types

G

Gartner research on insider threats, Software Threats and the Internet
general_domain_access macro, SELinux Macros Defined in src/policy/macros
general_proc_read_access macro, SELinux Macros Defined in src/policy/macros
Genfs declarations, Syntax of Genfs Declarations
genfscon keyword, Syntax of Genfs Declarations
genfs_contexts file, The Policy Source Directory, Syntax of Genfs Declarations, The SELinux Policy Source Tree
genfs_contexts policy element, SELinux Policy Syntax, Review of SELinux Policy Syntax
Gentoo Linux, SELinux History
Hardened Project demo system, SELinux History
installing SELinux on
existing systems, Installing SELinux to an existing Gentoo Linux system, Installing SELinux to an existing Gentoo Linux system
fresh systems, Installing SELinux to a fresh Gentoo system, Installing SELinux to a fresh Gentoo system
sestatus command, Setting Booleans via the /selinux filesystem
getattr operation, SELinux Operations
getcap operation, SELinux Operations
getenforce command, SELinux commands, Dynamically setting the operating mode
getopt operation, SELinux Operations
getpgid operation, SELinux Operations
getsched operation, SELinux Operations
getsession operation, SELinux Operations
get_sids operation, SELinux Operations
get_user_sids operation, SELinux Operations
global_macros.te file, Macro invocations, The macros Subdirectory, The SELinux Policy Source Tree
GNOME desktop
troubleshooting problems with, X Problems
using with SELinux, Installing SELinux
GNU mailing list manager application, role used by, Customizing Roles
gphdomain type attribute, Examining a Sample Policy, SELinux Type Attributes
GRSecurity, SELinux Components and Linux Security Modules (LSM)
GRUB bootloader, Installing SELinux to a fresh Gentoo system, Installing SELinux to an existing Gentoo Linux system, Installing SELinux to an existing Gentoo Linux system
configuring, Installing SELinux to a fresh Gentoo system
setting initial operating mode, Setting the initial operating mode

H

Hardened Project (Gentoo) demonstration system, SELinux History
hide_broken_symptoms macro, Tuning via macros
history of SELinux, SELinux History
home directories of users, Adding Users
homedirfile type attribute, SELinux Type Attributes
home_dir_type type attribute, SELinux Type Attributes
home_root_t type, SELinux General Types
home_type type attribute, SELinux Type Attributes
honeypots, Active content and mobile code
hosts, defenses for, Network and Host Defenses, Access-control lists

I

icmp_socket_t type, SELinux General Types
id -Z command, Changing roles, Viewing a file security context
id command, Modified Linux commands and programs, Viewing Security Contexts
identifiers, lowercase vs. uppercase, Basic Policy Elements
identifier_list policy subelement, Basic Policy Elements
id_comma_list policy subelement, Basic Policy Elements
igmp_packet_t type, SELinux General Types
incident reports, Software Threats and the Internet
indirect information flow analysis, Analysis
init scripts
relabeling, using fixfiles command, Daemon Problems
starting/controlling daemons, Starting and Controlling Daemons
initial operating mode of SELinux system, setting, Setting the initial operating mode
initial SID context declarations, Syntax of Initial SID Context Declarations
initial SIDs (security identifiers), Security Contexts
Initial SIDs tab (Apol window), Policy components
initial_sids file in flask subdirectory, The flask/initial_sids file, Syntax of initial_sids
initial_sids policy element, SELinux Policy Syntax, Review of SELinux Policy Syntax
initial_sid_contexts file, The Policy Source Directory, The SELinux Policy Source Tree
initial_sid_contexts policy element, SELinux Policy Syntax, Review of SELinux Policy Syntax
initrc_context file, The appconfig Subdirectory
initrc_t domain, Transition Decisions
init_service_domain macro, SELinux Macros Defined in src/policy/macros
insider threats, Software Threats and the Internet
install command, Modified Linux commands and programs
install Makefile target, The SELinux Makefile, Using the SELinux Makefile
installing SELinux, Installing SELinux
from binary or source packages, Installing SELinux from Binary or Source Packages, SUSE Linux
on Debian GNU/Linux, Debian GNU/Linux, Debian GNU/Linux
Fedora Core 2, Linux Distributions Supporting SELinux, Fedora Core 2
on Gentoo Linux
existing systems, Installing SELinux to an existing Gentoo Linux system, Installing SELinux to an existing Gentoo Linux system
fresh systems, Installing SELinux to a fresh Gentoo system, Installing SELinux to a fresh Gentoo system
from NSA source, Installing from Source
overview, Installation Overview
on RHEL using RPM packages, RPM-Based Distributions
on SUSE Linux using RPM packages, SUSE Linux
Internet and software threats, Software Threats and the Internet, Mandatory access control
intrusion detection systems, Network intrusion detection and prevention systems, Host firewalls and intrusion detection systems
intrusion prevention systems, Network intrusion detection and prevention systems
invoking macros
in ping.te file, Examining a Sample Policy, Examining a Sample Policy
in snort.te file, Macro invocations, Macro invocations
in_user_role macro, SELinux Macros Defined in src/policy/macros
ioctl operation, SELinux Operations
ipc (object security class), Subjects and Objects, Security Object Classes
ipc_info operation, SELinux Operations
ipc_lock operation, SELinux Operations
ipc_owner operation, SELinux Operations
iso9660_t type, SELinux General Types

K

KDE Desktop, troubleshooting problems with, Installing SELinux, X Problems
kernel directive, Setting the initial operating mode
kernel domain (domains/misc subdirectory), The domains Subdirectory
kernel modules in SELinux, SELinux Components and Linux Security Modules (LSM)
kernel-image package, Debian GNU/Linux
kernel-level code, Kernel-Level Code
kernel-source package, Debian GNU/Linux
kernels
building
Debian GNU/Linux, Debian GNU/Linux
Gentoo Linux, Installing SELinux to a fresh Gentoo system, Installing SELinux to an existing Gentoo Linux system
compiling/installing
Debian GNU/Linux, Debian GNU/Linux
Gentoo Linux, Installing SELinux to a fresh Gentoo system, Installing SELinux to an existing Gentoo Linux system
installing SELinux under Gentoo, Installing SELinux to a fresh Gentoo system
key_socket (object security class), Subjects and Objects, Security Object Classes
kill operation, SELinux Operations
krb5_conf_t type, SELinux General Types

L

labeling decisions, Access Decisions, Transition Decisions, Transition Decisions
labeling files/filesystems, Labeling Filesystems and Files
using chcon utility, The chcon utility
using fixfiles utility, The fixfiles utility
using Makefile, Using the Makefile to label or relabel filesystems
using restorecon utility, The restorecon utility
using setfiles utility, The setfiles utility, Adding Permissions, Load the Revised Policy and Label the Domains
LaPadula, Leonard, SELinux History
lastlog_t type, SELinux General Types
ld_so_cache_t type, SELinux General Types
ld_so_t type, SELinux General Types
lease operation, SELinux Operations
lib_t type, SELinux General Types
LILO bootloader, Installing SELinux to an existing Gentoo Linux system
configuring instead of GRUB, Installing SELinux to a fresh Gentoo system
installing, Debian GNU/Linux
modifying, Debian GNU/Linux
setting initial operating mode, Setting the initial operating mode
lines in railroad diagrams, How Railroad Diagrams Work
link operation, SELinux Operations
link_file_perms macro, SELinux Macros Defined in src/policy/macros
Linux 2.4/2.6 versions of SELinux, SELinux Versions, Installing SELinux to an existing Gentoo Linux system
Linux Security Modules (LSM) feature and SELinux, SELinux Components and Linux Security Modules (LSM), Kernel-Level Code
linux_immutable operation, SELinux Operations
listen operation, SELinux Operations
literal symbols in railroad diagrams, What Railroad Diagrams Do
lnk_file (object security class), Subjects and Objects, Security Object Classes
load Makefile target, The SELinux Makefile, Using the SELinux Makefile
loading SELinux security policy, Loading the SELinux Security Policy, The load_policy utility
load_policy utility, The load_policy utility, SELinux Operations
local login problems, troubleshooting, Local Login Problems
locale_t type, SELinux General Types
lock operation, SELinux Operations
lockfile type attribute, SELinux Type Attributes
lock_domain macro, SELinux Macros Defined in src/policy/macros
log messages
format of, SELinux Log Message Format, SELinux Log Message Format
turning off messages to console, SELinux Logging Subtleties
logdir_domain macro, SELinux Macros Defined in src/policy/macros
logfile type attribute, SELinux Type Attributes
login program, Modified Linux commands and programs
login_contexts type attribute, SELinux Type Attributes
logrotate program, Modified Linux commands and programs
logs
Audit2allow and, Using Audit2allow
format of entries, SELinux Log Message Format, SELinux Log Message Format
limiting rate of entries, SELinux Logging Subtleties
monitoring for attacks, Logging and auditing
troubleshooting problems with, SELinux Logging Subtleties
log_domain macro, SELinux Macros Defined in src/policy/macros
lost_found_t type, SELinux General Types
lowercase vs. uppercase identifiers, Basic Policy Elements
ls command, Modified Linux commands and programs, Viewing Security Contexts
LSM (Linux Security Modules) feature and SELinux, SELinux Components and Linux Security Modules (LSM), Kernel-Level Code
LSM-based SELinux, SELinux Versions
lsmod command, Installing SELinux to a fresh Gentoo system
ls_exec_t type, SELinux General Types
lynx command, Installing SELinux to a fresh Gentoo system

M

M4 macros, The SELinux Security Policy
authorizing access to files and network operations, Test and Revise the TE and FC Files as Needed
for classes, Transition Declarations
creating role allow declarations, Role Allow Declarations
defining roles associated with users, User Declarations
dnl (do not list) comment prefix, Tuning via macros, User Declarations, Adding an Ordinary User
macro invocations
in ping.te file, Examining a Sample Policy, Examining a Sample Policy
in snort.te file, Macro invocations, Macro invocations
macros subdirectory, Two Forms of an SELinux Policy, The macros Subdirectory
tuning SELinux via, Tuning via macros
type alias declarations, generating, Type-Alias Declarations
MAC (mandatory access control), Discretionary and Mandatory Access Control
vs. Linux DAC, Subjects and Objects
macros subdirectory, Two Forms of an SELinux Policy
files in, The macros Subdirectory
macros defined in, SELinux Macros Defined in src/policy/macros, SELinux Macros Defined in src/policy/macros
mailing lists related to SELinux, Mailing Lists
mailman_r role, Customizing Roles
mail_server_domain type attribute, SELinux Type Attributes
mail_server_sender type attribute, SELinux Type Attributes
mail_spool_t type, SELinux General Types
make install command, Two Forms of an SELinux Policy
make load command, Two Forms of an SELinux Policy
make reload command, Two Forms of an SELinux Policy
Makefile
labeling/relabeling filesystems, Using the Makefile to label or relabel filesystems
loading SELinux security policy, The SELinux Makefile
in policy source directory, The Policy Source Directory, The SELinux Policy Source Tree
SELinux binary policy file generated by, The SELinux Security Policy
targets (operations) supported by, The SELinux Makefile, Using the SELinux Makefile
mandatory access control (MAC), Discretionary and Mandatory Access Control
vs. Linux DAC, Subjects and Objects
man_t type, SELinux General Types
May, Brian, Debian GNU/Linux
MBR (master boot record), Debian GNU/Linux, Installing SELinux to an existing Gentoo Linux system
McGraw, Gary, Memory protection
member_sid operation, SELinux Operations
memory protection schemes, Memory protection, Access-control lists
memory-resident tables, Transient and Persistent Objects
memory_device_t type, SELinux General Types
mini_pty_type type attribute, SELinux Type Attributes
mini_user_domain macro, SELinux Macros Defined in src/policy/macros
mini_user_macros.te file, The macros Subdirectory, The SELinux Policy Source Tree
misc subdirectory
domains directory, The domains Subdirectory, The SELinux Policy Source Tree
file_contexts directory, The file_contexts Subdirectory, The SELinux Policy Source Tree
misc_device_t type, SELinux General Types
MITRE Corporation, SELinux History
mknod operation, SELinux Operations
mkswap command, Installing SELinux to a fresh Gentoo system
mls file, The Policy Source Directory, The SELinux Policy Source Tree
mls policy element, SELinux Policy Syntax, Review of SELinux Policy Syntax
mlstrustedobject type attribute, SELinux Type Attributes
mlstrustedreader type attribute, SELinux Type Attributes
mlstrustedwriter type attribute, SELinux Type Attributes
mnt_t type, SELinux General Types
mobile code, contributing to software threats, Active content and mobile code
modes
enforcing vs. permissive, System Modes and SELinux Tuning
switching, Switching Modes, Disabling SELinux at boot time
troubleshooting program execution problems, Program Execution Problems
modprobe command, Installing SELinux to a fresh Gentoo system
monitoring SELinux, Monitoring SELinux, The Audit2allow Utility
mount operation, SELinux Operations
mounton operation, SELinux Operations
mount_fs_perms macro, SELinux Macros Defined in src/policy/macros
mouse_device_t type, SELinux General Types
mqueue_spool_t type, SELinux General Types
msg (object security class), Subjects and Objects, Security Object Classes
msgq (object security class), Subjects and Objects, Security Object Classes
mta_delivery_agent type attribute, SELinux Type Attributes
mta_user_agent type attribute, SELinux Type Attributes
mtrr_device_t type, SELinux General Types
mv command, Modified Linux commands and programs

N

names policy subelement, Basic Policy Elements
name_bind operation, SELinux Operations
naming conventions for security attributes, Security Contexts
National Security Agency (see NSA)
ncurses-dev package, Debian GNU/Linux
nested_id_set policy subelement, Basic Policy Elements
netbroadcast operation, SELinux Operations
netif (object security class), Subjects and Objects, Security Object Classes
netifcon declarations, Netifcon declarations
netif_eth0_t type, SELinux General Types
netif_eth1_t type, SELinux General Types
netif_eth2_t type, SELinux General Types
netif_ippp0_t type, SELinux General Types
netif_ipsec0_t type, SELinux General Types
netif_ipsec1_t type, SELinux General Types
netif_ipsec2_t type, SELinux General Types
netif_lo_t type, SELinux General Types
netif_t type, SELinux General Types
netif_type type attribute, SELinux Type Attributes
netlink_socket (object security class), Subjects and Objects, Security Object Classes
netmsg_eth0_t type, SELinux General Types
netmsg_eth1_t type, SELinux General Types
netmsg_eth2_t type, SELinux General Types
netmsg_ippp0_t type, SELinux General Types
netmsg_ipsec0_t type, SELinux General Types
netmsg_ipsec1_t type, SELinux General Types
netmsg_ipsec2_t type, SELinux General Types
netmsg_lo_t type, SELinux General Types
netmsg_t type, SELinux General Types
netmsg_type type attribute, SELinux Type Attributes
Network Associates, SELinux History
network declarations, Syntax of Network Declarations, Nodecon declarations
network.te file, The types Subdirectory
networks
connectivity issues, contributing to software threats, Network connectivity
defenses for, Network and Host Defenses
intrusion detection systems, Network intrusion detection and prevention systems
types related to, SELinux General Types
net_admin operation, SELinux Operations
net_bind_service operation, SELinux Operations
net_conf_t type, SELinux General Types
net_contexts file, The Policy Source Directory, The SELinux Policy Source Tree
net_contexts policy element, SELinux Policy Syntax, Review of SELinux Policy Syntax
net_raw operation, Examining a Sample Policy, SELinux Operations
neverallow rule type, TE Access-Vector Declarations
sample declaration, TE Access-Vector Declarations
newconn operation, SELinux Operations
newrole command, SELinux commands, Changing roles
nfs.te file, The types Subdirectory
nfsd_control operation, SELinux Operations
nfsd_fs_t type, SELinux General Types
nfs_export_all_ro macro, Tuning via macros
nfs_export_all_rw macro, Tuning via macros
nfs_home_dirs macro, Tuning via macros
Nmap program
adding permissions to, Adding Permissions, Adding Permissions
allowing access to existing domains, Allowing a User Access to an Existing Domain
Audit2allow utility and, Using Audit2allow, Using Audit2allow
nmap-services file, read access denied to, Adding Permissions, Adding Permissions
noatsecure operation, SELinux Operations
node (object security class), Subjects and Objects, Security Object Classes
nodecon declarations, Nodecon declarations
node_bind operation, SELinux Operations
node_compat_ipv4_t type, SELinux General Types
node_inaddr_any_t type, SELinux General Types
node_internal_t type, SELinux General Types
node_link_local_t type, SELinux General Types
node_lo_t type, SELinux General Types
node_mapped_ipv4_t type, SELinux General Types
node_multicast_t type, SELinux General Types
node_site_local_t type, SELinux General Types
node_t type, SELinux General Types
node_type type attribute, SELinux Type Attributes
node_unspec_t type, SELinux General Types
noexattrfile type attribute, SELinux Type Attributes
nonexecutable stacks, Memory protection
notdevfile_class_set macro, Transition Declarations, SELinux Macros Defined in src/policy/macros
no_access_t type, SELinux General Types
NSA (National Security Agency)
installing SELinux on unsupported platforms, Installing from Source
mailing list for SELinux, Mailing Lists
versions of SELinux, SELinux Versions
web site for SELinux, Web and FTP Sites
NSA SELinux boot parameter option, Switching Modes
disabling SELinux at boot time, Disabling SELinux at boot time
NSA SELinux Development support option, System Modes and SELinux Tuning
setting initial operating mode, Setting the initial operating mode
nscd_all_connect macro, Tuning via macros
null_device_t type, SELinux General Types

O

objects, Subjects and Objects, Subjects and Objects
access to, decisions regarding, Access Decisions, Access Decisions
parsing log messages, SELinux Log Message Format
persistent, Transient and Persistent Objects
restricting ability to relabel objects, Constraint Declarations
rules governing access to, Access Decisions
security classes of, Subjects and Objects, Security Object Classes
transient, Transient and Persistent Objects
object_r (dummy role), Security Contexts
operating mode of SELinux system, dynamically setting, Dynamically setting the operating mode
Orange Book, SELinux History, Overview of the SELinux Security Model
ovals in railroad diagrams, How Railroad Diagrams Work
overview of
installation process, Installation Overview
SELinux security model, Overview of the SELinux Security Model, References

P

packages, installing, Debian GNU/Linux, Debian GNU/Linux
packet_perms macro, SELinux Macros Defined in src/policy/macros
packet_socket (object security class), Subjects and Objects, Security Object Classes
pam program, Modified Linux commands and programs
parent and child processes, Transition Decisions, The SELinux Type-Enforcement Model
parsing log messages, SELinux Log Message Format
passwd (object security class), Subjects and Objects, Security Object Classes
passwd command, Installing SELinux to a fresh Gentoo system, Setting user passwords, SELinux Operations
passwords
setting for users, Setting user passwords
patch cycles and 0-day vulnerabilities, The Patch Cycle and the 0-Day Problem, Protecting Against 0-Days
PaX project, SELinux History
permissions
adding, Adding Permissions, Adding Permissions
associated with classes, Syntax of access_vectors
associated with file-like objects, Syntax of access_vectors
extending to processes in domain, Examining a Sample Policy
restricting, with constraint declarations, Constraint Declarations
special notations for, Special notations for types, classes, and permissions, Special notations for types, classes, and permissions
permissive mode, System Modes and SELinux Tuning
booting system into, Setting the initial operating mode
curtailing unnecessary logging, SELinux Logging Subtleties
dynamically setting operating mode, Dynamically setting the operating mode
setting, before using Audit2allow, Using Audit2allow
persistent labels
filesystems not supporting, Syntax of Genfs Declarations
filesystems supporting, Syntax of Filesystem Labeling Declarations
persistent objects, Transient and Persistent Objects
persistent security identifiers (PSIDs), storing on filesystems, Transient and Persistent Objects
pidfile type attribute, SELinux Type Attributes
ping command, controlling access to, Boolean Declarations
ping.fc file, examining sample policy, Examining a Sample Policy
ping.te file
basic policy elements, Basic Policy Elements
conditional statement declaration in, Conditional Declarations
domain_auto_trans macro, invoked in, Macros that specify and authorize transitions
examining sample policy, Examining a Sample Policy
role type declarations in, Role Type Declarations
pipefs (pseudofilesystem with pipe), Syntax of Filesystem Labeling Declarations
policy Booleans
initializing in ping.te file, Examining a Sample Policy
setting via SELinux filesystem, Setting Booleans via the /selinux filesystem
tuning SELinux via, Tuning via policy Booleans
Policy Components tab (Apol window), Apol, Policy components
policy constraint declarations, Constraint Declarations, Constraint Declarations
policy database of SELinux security server, Subjects and Objects
policy elements
and associated files, SELinux Policy Syntax
list of, SELinux Policy Syntax, Review of SELinux Policy Syntax
subelements appearing in, Basic Policy Elements, Basic Policy Elements
policy files, How SELinux Works, Examining a Sample Policy
(see also SELinux policy)
browsing/editing with SePCuT, Supplementary SELinux tools
checkpolicy command, The SELinux policy compiler (checkpolicy), Two Forms of an SELinux Policy
choosing to delete, The SELinux Makefile
compiling, Debian GNU/Linux
compiling from source, The SELinux Makefile
creating/loading, The SELinux Security Policy
policy Makefile target, The SELinux Makefile, Using the SELinux Makefile
policy management tools, Policy Management Tools, Seuserx
Policy Modules tab (Sepcut window), Sepcut
Policy Rules tab (Apol window), Apol, Policy rules
policy source directory files, The Policy Source Directory, The Policy Source Directory
policy source tree, Two Forms of an SELinux Policy, Two Forms of an SELinux Policy, The SELinux Policy Source Tree
policy structure of SELinux, SELinux Policy Structure, The Policy Source Directory
policy.<Emphasis>??<Default Para Font> file, The Policy Source Directory, The SELinux Policy Source Tree
policy.conf file, The Policy Source Directory, The SELinux Policy Source Tree
analyzing, with Apol tool, Supplementary SELinux tools
checkpolicy command and, Two Forms of an SELinux Policy
policy.conf tab (Apol window), Apol
policy.spec file, The Policy Source Directory
policy_config_t type, SELinux General Types
policy_src_t type, SELinux General Types
poly_t type, SELinux General Types
pop_port_t type, SELinux General Types
portcon declarations, Portcon declarations
port_t type, SELinux General Types
port_type type attribute, SELinux Type Attributes
ppp_device_t type, SELinux General Types
principle of least privilege, Privilege Escalation
authorizing Nmap access and, Allowing a User Access to an Existing Domain
Fedora Core SELinux implementation and, Fedora Core 2
mandatory access control, Mandatory access control
network declarations and, Syntax of Network Declarations
print_spool_t type, SELinux General Types
privfd type attribute, SELinux Type Attributes
privhome type attribute, SELinux Type Attributes
privileges, escalating, Privilege Escalation
privlog type attribute, Type Declarations, SELinux Type Attributes
privmail type attribute, SELinux Type Attributes
privmem type attribute, SELinux Type Attributes
privmodule type attribute, SELinux Type Attributes
privowner type attribute, SELinux Type Attributes
privrole type attribute, SELinux Type Attributes
privuser type attribute, SELinux Type Attributes
priv_system_role type attribute, SELinux Type Attributes
/proc, types related to, SELinux General Types
process (object security class), Subjects and Objects, Security Object Classes
processes
child/parent, Transition Decisions, The SELinux Type-Enforcement Model
choosing security contexts, Transition Decisions
creating, Transition Decisions
and programs, distinctions between, Subjects and Objects
RBAC (role-based access control), Role-Based Access Control, Role Allow Declarations
reporting security context of, Viewing a process security context
security context of, The SELinux Role-Based Access Control Model
procfs.te file, The types Subdirectory
proc_kcore_t type, SELinux General Types
proc_kmsg_t type, SELinux General Types
proc_t type, SELinux General Types
program execution problems, troubleshooting, Program Execution Problems
program subdirectory
domains directory, The domains Subdirectory, The SELinux Policy Source Tree
file_contexts directory, The file_contexts Subdirectory, The SELinux Policy Source Tree
macros directory, The macros Subdirectory, The SELinux Policy Source Tree
Propolice project, SELinux History
protecting memory from 0-day attacks, Memory protection, Access-control lists
ps command, Modified Linux commands and programs, Viewing Security Contexts, Viewing a process security context
pseudofilesystems, mounting, Installing SELinux to a fresh Gentoo system, Installing SELinux to an existing Gentoo Linux system
pseudoterminal filesystem (devpts), Syntax of Filesystem Labeling Declarations
PSIDs (persistent security identifiers), storing on filesystems, Transient and Persistent Objects
ptrace facility, SELinux Operations
exploited during Apache OpenSSL attack, Privilege Escalation, Applications of SELinux
ptyfile type attribute, Examining a Sample Policy, SELinux Type Attributes
pty_slave_label macro, SELinux Macros Defined in src/policy/macros

Q

quotaget operation, SELinux Operations
quotamod operation, SELinux Operations
quotaon operation, SELinux Operations

R

railroad diagrams
fine points of, Basic Policy Elements
how they work, How Railroad Diagrams Work, How Railroad Diagrams Work
SELinux policy syntax, SELinux Policy Syntax, SELinux Policy Syntax
symbols specified by, What Railroad Diagrams Do
what they do, What Railroad Diagrams Do
ramfs_t type, SELinux General Types
random assignment of memory, Memory protection
random_device_t type, SELinux General Types
raw IP packets, sending/receiving, Examining a Sample Policy
raw IP sockets, creating/modifying, Examining a Sample Policy
rawip_recv operation, SELinux Operations
rawip_send operation, SELinux Operations
rawip_socket (object security class), Subjects and Objects, Security Object Classes
ra_dir_create_file macro, SELinux Macros Defined in src/policy/macros
ra_dir_file macro, SELinux Macros Defined in src/policy/macros
ra_dir_perms macro, SELinux Macros Defined in src/policy/macros
ra_file_perms macro, SELinux Macros Defined in src/policy/macros
RBAC (role-based access control), How SELinux Works, Role-Based Access Control, Role Allow Declarations
declarations
te_rbac policy element, SELinux Policy Syntax
types of, Role-Based Access Control Declarations, Role Allow Declarations
rbac file, The Policy Source Directory, The SELinux Policy Source Tree
RBAC Rules tab (Apol window), Policy rules
read operation, SELinux Operations
readable_t type, SELinux General Types
readhome macro, Tuning via macros
README file, The Policy Source Directory
read_default_t macro, Tuning via macros
read_locale macro, SELinux Macros Defined in src/policy/macros
read_sysctl macro, SELinux Macros Defined in src/policy/macros
receive operation, SELinux Operations
recvfrom operation, SELinux Operations
recv_msg operation, SELinux Operations
Red Hat, SELinux History
Red Hat Enterprise Linux (see RHEL)
regular expressions
in file-context specifications, The file_contexts Subdirectory
in railroad diagrams, How Railroad Diagrams Work
in snort.fc file, The snort.fc File
relabel Makefile target, The SELinux Makefile, Using the SELinux Makefile
relabelfrom operation, SELinux Operations
relabeling filesystems
using chcon utility, The chcon utility
using fixfiles utility, The fixfiles utility
using Makefile, Using the Makefile to label or relabel filesystems
using restorecon utility, The restorecon utility
using setfiles utility, The setfiles utility, Adding Permissions, Load the Revised Policy and Label the Domains
relabelto operation, SELinux Operations
relational operators used in conditional expressions, Conditional Declarations
reload Makefile target, The SELinux Makefile, Using the SELinux Makefile
remount operation, SELinux Operations
removable_device_t type, SELinux General Types
remove_name operation, SELinux Operations
Ren, Chris, Memory protection
rename operation, SELinux Operations
reparent operation, SELinux Operations
replaceable text
in railroad diagrams, What Railroad Diagrams Do, Transition Declarations
special notation for types/classes/permissions, Special notations for types, classes, and permissions
resolv_conf_t type, SELinux General Types
restorecon utility
labeling/relabeling filesystems, The restorecon utility
repairing file labels, Setting user passwords
reverse domain analysis, Analysis
RHEL (Red Hat Enterprise Linux)
installing SELinux using RPM packages, RPM-Based Distributions
SELinux support, Linux Distributions Supporting SELinux
rlimitinh operation, SELinux Operations
rmdir operation, SELinux Operations
role statements, authorizing roles to enter domains, The SELinux Role-Based Access Control Model
role-based access control (see RBAC)
roles in SELinux, Security Contexts, Entering a Role
assigning default roles, How default roles are assigned
assigning, with user statement, The SELinux Role-Based Access Control Model
associating users with nondefault roles, Associating a user with a nondefault role
associating, with user declarations, User Declarations
authorizing access to domain, Examining a Sample Policy
constraining changes between identities and, Constraint Declarations
customizing, Customizing Roles
entering a different role, Changing roles
newrole command, Changing roles
transitions between, using allow statements, The SELinux Role-Based Access Control Model, Role Allow Declarations
Roles tab (Apol window), Policy components
roletrans_def declaration, Role-Based Access Control Declarations
role_allow_def declaration, Role-Based Access Control Declarations, Role Allow Declarations
role_dominance declaration, Role-Based Access Control Declarations
role_type_def declaration, Role-Based Access Control Declarations
romfs_t type, SELinux General Types
root user, Creating an SELinux User
rootok operation, SELinux Operations
root_default_contexts file, The appconfig Subdirectory
root_dir_type type attribute, SELinux Type Attributes
root_t type, SELinux General Types
rpc_pipefs_t type, SELinux General Types
RPM packages
in Fedora Core 2, Fedora Core 2
installing SELinux using, RPM-Based Distributions
run_con command, starting non-init daemons with, Starting non-init daemons and programs
run_init command, SELinux commands
run_init command, starting daemons with, Starting and Controlling Daemons
run_ssh_inetd macro, Tuning via macros
rw_dir_create_file macro, SELinux Macros Defined in src/policy/macros
rw_dir_file macro, SELinux Macros Defined in src/policy/macros
rw_dir_perms macro, SELinux Macros Defined in src/policy/macros
rw_file_perms macro, SELinux Macros Defined in src/policy/macros
rw_msgq_perms macro, SELinux Macros Defined in src/policy/macros
rw_sem_perms macro, SELinux Macros Defined in src/policy/macros
rw_shm_perms macro, SELinux Macros Defined in src/policy/macros
rw_socket_perms macro, SELinux Macros Defined in src/policy/macros
rw_stream_socket_perms macro, SELinux Macros Defined in src/policy/macros
rx_file_perms macro, SELinux Macros Defined in src/policy/macros
r_dir_file macro, SELinux Macros Defined in src/policy/macros
r_dir_perms macro, SELinux Macros Defined in src/policy/macros
r_file_perms macro, SELinux Macros Defined in src/policy/macros
r_msgq_perms macro, SELinux Macros Defined in src/policy/macros
r_sem_perms macro, SELinux Macros Defined in src/policy/macros
r_shm_perms macro, SELinux Macros Defined in src/policy/macros

S

sambafs_t type, SELinux General Types
sample policy, examining, Examining a Sample Policy, Examining a Sample Policy
sandboxes
protecting memory with, Sandboxes
sbin_t type, SELinux General Types
scanner_device_t type, SELinux General Types
SCC (Secure Computing Corporation), SELinux History
scmp_packet_t type, SELinux General Types
scsi_generic_device_t type, SELinux General Types
search operation, SELinux Operations
Seaudit tool, Supplementary SELinux tools, Policy Management Tools, Seaudit
SeCmds tool, Supplementary SELinux tools
Secure Computing Corporation (SCC), SELinux History
secure_levels macro, Tuning via macros
security (object security class), Subjects and Objects, Security Object Classes
security attributes
associated with subjects/objects, Security Contexts
naming conventions for, Security Contexts
security contexts, How SELinux Works, Security Contexts, Security Contexts
assigned to filesystems by Genfs declarations, Syntax of Genfs Declarations
assigning to new users, Adding Users
changing permissions, to prevent denial messages, Adding Permissions, Adding Permissions
elements of, The SELinux Role-Based Access Control Model
of files, determining, Determine the Security Contexts of the Files
for new domain, Decide on Appropriate Security Contexts for the New Domain
of hosts, specifying, Nodecon declarations
of local ports, specifying, Portcon declarations
of network interfaces, specifying, Netifcon declarations
of objects having initial SIDs, Syntax of Initial SID Context Declarations
specifying, when starting programs, Starting non-init daemons and programs
starting init scripts in correct, Starting and Controlling Daemons
viewing, Viewing Security Contexts
security contexts
for Snort-related directories/files, The snort.fc File
security identifiers (SIDs), Security Contexts
flask/initial_sids file, The flask/initial_sids file
security model for SELinux, overview of, Overview of the SELinux Security Model, References
security object classes, Subjects and Objects, Security Object Classes
security policy for SELinux, The SELinux Security Policy, The SELinux Security Policy
associating users with nondefault roles, Associating a user with a nondefault role
enforcing mode vs. permissive mode, System Modes and SELinux Tuning
loading, Loading the SELinux Security Policy, The load_policy utility
roles defined by, Entering a Role
rules for dynamically setting operating mode, Dynamically setting the operating mode
security.te file, The types Subdirectory
security_classes file in flask subdirectory, The flask/security_classes file, Syntax of security_classes
security_t type, SELinux General Types
SELinux
applications of, Applications of SELinux
architecture of, SELinux Architecture, References
commands
for administration/use, SELinux commands
modified Linux commands, Modified Linux commands and programs
supplementary, Supplementary SELinux tools
Fedora Core 2 support of, Linux Distributions Supporting SELinux, Fedora Core 2
FTP sites for, Web and FTP Sites
history of, SELinux History
installing (see installing SELinux)
kernel-level code, Kernel-Level Code
limiting rate of log entries, SELinux Logging Subtleties
Linux 2.4/2.6 versions of, SELinux Versions, Installing SELinux to an existing Gentoo Linux system
log message format, SELinux Log Message Format, SELinux Log Message Format
LSM (Linux Security Modules) feature and, SELinux Components and Linux Security Modules (LSM), Kernel-Level Code
LSM-based version of, SELinux Versions
monitoring, Monitoring SELinux, The Audit2allow Utility
operations, SELinux Operations, SELinux Operations
overview of security model, Overview of the SELinux Security Model, References
policy structure, SELinux Policy Structure, The Policy Source Directory
roles, Entering a Role
entering a different role, Changing roles
newrole command, Changing roles
security policy (see security policy for SELinux)
source files, The SELinux Security Policy, The SELinux Security Policy
switching modes, Switching Modes, Disabling SELinux at boot time
tools in, SELinux Tools
troubleshooting, Troubleshooting SELinux, X Problems
types related to, SELinux General Types
User-Mode Linux (UML) and, SELinux Components and Linux Security Modules (LSM)
versions of, SELinux Versions
web sites for, Web and FTP Sites
using X with, Installing SELinux
/selinux filesystem, Dynamically setting the operating mode
SELinux policy, The SELinux Policy
(see also entries under policy)
examining sample policy, Examining a Sample Policy, Examining a Sample Policy
FC (file context) files, Anatomy of a Simple SELinux Policy Domain
source tree, The SELinux Policy Source Tree
syntax of, SELinux Policy Syntax, SELinux Policy Syntax
TE (type enforcement) files, Anatomy of a Simple SELinux Policy Domain
two forms of, Two Forms of an SELinux Policy
SELinux policy compiler, The SELinux policy compiler (checkpolicy), Two Forms of an SELinux Policy
selinux-policy-default package, Debian GNU/Linux
sem (object security class), Subjects and Objects, Security Object Classes
send operation, SELinux Operations
sendto operation, SELinux Operations
send_msg operation, SELinux Operations
Sepcut tool, Supplementary SELinux tools, Policy Management Tools, Sepcut
server_pty type attribute, SELinux Type Attributes
serviceusers file, The Policy Source Directory, The SELinux Policy Source Tree
sestatus command, Setting Booleans via the /selinux filesystem
setattr operation, SELinux Operations
setbool command, Boolean Declarations, SELinux Operations
setcap operation, SELinux Operations
setenforce command, SELinux commands, Dynamically setting the operating mode, SELinux Operations
setfiles command, SELinux commands
setfiles utility, Transient and Persistent Objects
labeling/relabeling filesystems, The setfiles utility, Adding Permissions, Load the Revised Policy and Label the Domains
relabeling problem scripts with, Daemon Problems
repairing file labels, Setting user passwords
troubleshooting login problems with, Local Login Problems
setfscreate operation, SELinux Operations
setgid operation, SELinux Operations
setopt operation, SELinux Operations
setpcap operation, SELinux Operations
setpgid operation, SELinux Operations
setrlimit operation, SELinux Operations
setsched operation, SELinux Operations
setuid operation, Examining a Sample Policy, SELinux Operations
Seuserx tool, Supplementary SELinux tools, Policy Management Tools, Seuserx
shadow_t type, SELinux General Types
share operation, SELinux Operations
shared library in SELinux, The SELinux Shared Library
shell_exec_t type, SELinux General Types
shlib_t type, SELinux General Types
shm (object security class), Subjects and Objects, Security Object Classes
shm (pseudofilesystem with shared memory object), Syntax of Filesystem Labeling Declarations
show_bools command, Tuning via policy Booleans
shutdown operation, SELinux Operations
Sid (Debian GNU/Linux 3.0 unstable), Debian GNU/Linux, Debian GNU/Linux
SIDs (security identifiers), Security Contexts
flask/initial_sids file, The flask/initial_sids file
sid_to_context operation, SELinux Operations
sigchld operation, SELinux Operations
siginh operation, SELinux Operations
sigkill operation, SELinux Operations
signal operation, SELinux Operations
signal_perms macro, SELinux Macros Defined in src/policy/macros
signull operation, SELinux Operations
sigstop operation, SELinux Operations
single_userdomain macro, Tuning via macros
Smalley, Stephen, References, The SELinux policy compiler (checkpolicy)
snapshots of current processes, Viewing a process security context
Snort intrusion detection application, files associated with, Anatomy of a Simple SELinux Policy Domain, Macro invocations
snort.fc file, The snort.fc File
snort.te file, The snort.te File
socket (object security class), Subjects and Objects, Security Object Classes
socket_class_set macro, Transition Declarations, SELinux Macros Defined in src/policy/macros
socket_type type attribute, SELinux Type Attributes
sockfs (pseudofilesystem with socket), Syntax of Filesystem Labeling Declarations
sock_file (object security class), Subjects and Objects, Security Object Classes
software complexity, contributing to software threats, Software complexity
software threats and the Internet, Software Threats and the Internet, Mandatory access control
sound_device_t type, SELinux General Types
source files for SELinux, The SELinux Security Policy, The SELinux Security Policy
checkpolicy command and, The SELinux policy compiler (checkpolicy), Two Forms of an SELinux Policy
SPEC file, The Policy Source Directory
special notations for types/classes/permissions, Special notations for types, classes, and permissions, Special notations for types, classes, and permissions
special tokens in regular expressions, The file_contexts Subdirectory
src_t type, SELinux General Types
ssh program, Modified Linux commands and programs
SSHd program, troubleshooting, Daemon Problems
sshd_t domain, Transition Decisions
ssh_sysadm_login macro, Tuning via macros
stack canaries, Memory protection
stacks, nonexecutable, Memory protection
staff_r role, Entering a Role, Customizing Roles
authorizing users to access domain, Test and Revise the TE and FC Files as Needed
limiting permissions available to users, Allowing a User Access to an Existing Domain
staff_read_sysadm_file macro, Tuning via macros
startx domain (domains/misc subdirectory), The domains Subdirectory
status information, viewing with sestatus command, Setting Booleans via the /selinux filesystem
stat_file_perms macro, SELinux Macros Defined in src/policy/macros
stream_socket_class_set macro, Transition Declarations, SELinux Macros Defined in src/policy/macros
subjects, Subjects and Objects, Subjects and Objects
subtraction (special notation), Special notations for types, classes, and permissions
SUSE Linux, SELinux History
installing SELinux using RPM packages, SUSE Linux
swapfile_t type, SELinux General Types
swapon operation, SELinux Operations
switching SELinux modes, Switching Modes, Disabling SELinux at boot time
troubleshooting program execution programs, Program Execution Problems
syntax diagrams, What Railroad Diagrams Do, How Railroad Diagrams Work
sysadmfile type attribute, SELinux Type Attributes
sysadm_r role, Entering a Role
changing user_r role to, Associating a user with a nondefault role
customizing, Customizing Roles
transitioning to, Adding a System Administrator
sysctl_dev_t type, SELinux General Types
sysctl_fs_t type, SELinux General Types
sysctl_hotplug_t type, SELinux General Types
sysctl_irq_t type, SELinux General Types
sysctl_kernel_t type, SELinux General Types
sysctl_kernel_writer type attribute, SELinux Type Attributes
sysctl_modprobe_t type, SELinux General Types
sysctl_net_t type, SELinux General Types
sysctl_net_unix_t type, SELinux General Types
sysctl_net_writer type attribute, SELinux Type Attributes
sysctl_rpc_t type, SELinux General Types
sysctl_t type, SELinux General Types
sysctl_type type attribute, SELinux Type Attributes
sysctl_vm_t type, SELinux General Types
sysfs_t type, SELinux General Types
syslogd domain definition, Type Declarations
syslogd_t type, Type Declarations
syslog_console operation, SELinux Operations
syslog_mod operation, SELinux Operations
syslog_read operation, SELinux Operations
system (object security class), Subjects and Objects, Security Object Classes
system administrators, adding, Adding a System Administrator
system_domain macro, SELinux Macros Defined in src/policy/macros
system_map_t type, SELinux General Types
system_r role, Entering a Role, Customizing Roles
sys_admin operation, SELinux Operations
sys_boot operation, SELinux Operations
sys_chroot operation, SELinux Operations
sys_module operation, SELinux Operations
sys_nice operation, SELinux Operations
sys_pacct operation, SELinux Operations
sys_ptrace operation, SELinux Operations
sys_rawio operation, SELinux Operations
sys_resource operation, SELinux Operations
sys_time operation, SELinux Operations
sys_tty_config operation, SELinux Operations

T

tape_device_t type, SELinux General Types
targets (operations) supported by Makefile, The SELinux Makefile, Using the SELinux Makefile
tcp_recv operation, SELinux Operations
tcp_send operation, SELinux Operations
tcp_socket (object security class), Subjects and Objects, Security Object Classes
tcp_socket_t type, SELinux General Types
TCSEC (Trusted Computer System Evaluation Criteria), SELinux History
TE (type enforcement) declarations, Type-Enforcement Declarations, Conditional Declarations
te_rbac policy element, SELinux Policy Syntax
TE (type enforcement) files, The SELinux Security Policy
avoiding modification of existing files, Using Audit2allow
creating, Create a Basic TE File, Using Audit2allow
manual installation by system administrators, The domains Subdirectory
role type declarations and, Role Type Declarations
testing/revising, Test and Revise the TE and FC Files as Needed, Test and Revise the TE and FC Files as Needed
troubleshooting, Setting the initial operating mode
understanding how SELinux policy operates, Anatomy of a Simple SELinux Policy Domain, Macro invocations
TE (type enforcement) model, How SELinux Works, The SELinux Type-Enforcement Model
TE access-vector declarations (te_avtab_def), TE Access-Vector Declarations, Macros that specify and authorize transitions
TE Rules tab (Apol window), Policy rules
Test Policy tab (Sepcut window), Sepcut
test_file_t type, SELinux General Types
tetex_data_t type, SELinux General Types
te_rbac policy element, SELinux Policy Syntax, Review of SELinux Policy Syntax
TE and RBAC declarations, SELinux Policy Syntax
Thompson, Kerry, Web and FTP Sites
threats to the Internet, Software Threats and the Internet, Mandatory access control
active content contributing to, Active content and mobile code
mobile code contributing to, Active content and mobile code
network connectivity contributing to, Network connectivity
software complexity contributing to, Software complexity
tmp subdirectory, Two Forms of an SELinux Policy, The SELinux Policy Source Tree
tmpfile type attribute, SELinux Type Attributes
tmpfs (pseudofilesystem with memory-resident filesystem), Syntax of Filesystem Labeling Declarations
tmpfsfile type attribute, SELinux Type Attributes
tmpfs_domain macro, SELinux Macros Defined in src/policy/macros
tmpfs_t type, SELinux General Types
tmp_domain macro, SELinux Macros Defined in src/policy/macros
tmp_t type, SELinux General Types
tokens in regular expressions, The file_contexts Subdirectory
tools in SELinux, SELinux Tools
traceroute command, controlling access to, Boolean Declarations
traceroute_t domain, Adding Permissions
authorizing access
to entire domain, Allowing a User Access to an Existing Domain
to pseudoterminals, Test and Revise the TE and FC Files as Needed
using macros, Test and Revise the TE and FC Files as Needed
examining FC file for, Adding Permissions
transient objects, Transient and Persistent Objects
transition decisions, Access Decisions, Transition Decisions, Transition Decisions
transition declarations (transition_def), Transition Declarations
transition operation, SELinux Operations
transitioning to new domains, How SELinux Works, Examining a Sample Policy
transitions
authorizing, with access-vector rules, Macros that specify and authorize transitions
between roles, governed by allow statements, The SELinux Role-Based Access Control Model, Role Allow Declarations
specifying, with type-transition rules, Macros that specify and authorize transitions
transition_sid operation, SELinux Operations
transitive information flow analysis, Analysis
Tresys Technology
Apol tool, Apol, Analysis
policy management tools, Policy Management Tools, Seuserx
Seaudit tool, Seaudit
Sepcut tool, Sepcut
Seuserx tool, Seuserx
tools provided by, Supplementary SELinux tools
troubleshooting SELinux, Troubleshooting SELinux, X Problems
boot problems, Setting the initial operating mode, Boot Problems
daemon problems, Daemon Problems
local login problems, Local Login Problems
program execution problems, Program Execution Problems
X problems, X Problems
Trusted Computer System Evaluation Criteria (TCSEC), SELinux History
TrustedBSD, SELinux Components and Linux Security Modules (LSM)
ttyfile type attribute, Examining a Sample Policy, SELinux Type Attributes
tty_device_t type, SELinux General Types
tunable.te file, The Policy Source Directory, The SELinux Policy Source Tree
enabling/disabling direct_sysadm_daemon macro, Adding a System Administrator
enabling/disabling user_canbe_sysadm macro, Adding an Ordinary User
macros defined in, Tuning via macros, Tuning via macros
tuning
Fedora Core 2 SELinux, Tuning Fedora Core 2 SELinux, Setting Booleans via the /selinux filesystem
via macros, Tuning via macros, Tuning via macros
via policy Booleans, Tuning via policy Booleans
tun_tap_device_t type, SELinux General Types
type attributes
creating/modifying, Type Declarations, Examining a Sample Policy
in Fedora Core 2 SELinux, Attribute Declarations, SELinux Type Attributes, SELinux Type Attributes
type declarations (type_def), Type Declarations
type enforcement (TE) declarations, Type-Enforcement Declarations, Conditional Declarations
te_rbac policy element, SELinux Policy Syntax
type enforcement (TE) model, How SELinux Works, The SELinux Type-Enforcement Model
type enforcement files files (see TE (type enforcement)
type line in snort.te file, The type line
type tokens in regular expressions, The file_contexts Subdirectory
type transitions, Transition Decisions
authorizing automatic, Test and Revise the TE and FC Files as Needed
rules for specifying transitions, Macros that specify and authorize transitions
syntax of, Transition Declarations
type-alias declarations (typealias_def), Type-Alias Declarations
types in SELinux, Security Contexts, SELinux General Types, SELinux General Types
device-related, SELinux General Types
file-related, SELinux General Types, SELinux General Types
networking, SELinux General Types
/proc-related, SELinux General Types
types subdirectory, Two Forms of an SELinux Policy, The SELinux Policy Source Tree
files in, The types Subdirectory
Types tab (Apol window), Policy components
types, special notations for, Special notations for types, classes, and permissions, Special notations for types, classes, and permissions
types.fc file, The file_contexts Subdirectory, The SELinux Policy Source Tree

U

udev_runtime_t type, SELinux General Types
udp_recv operation, SELinux Operations
udp_send operation, SELinux Operations
udp_socket (object security class), Subjects and Objects, Security Object Classes
UML (User-Mode Linux) and SELinux, SELinux Components and Linux Security Modules (LSM)
unconfined_domain macro, SELinux Macros Defined in src/policy/macros
Unix stream sockets, creating, Examining a Sample Policy
unix_dgram_socket (object security class), Subjects and Objects, Security Object Classes
unix_read operation, SELinux Operations
unix_stream_socket (object security class), Subjects and Objects, Security Object Classes
unix_write operation, SELinux Operations
unlabeled_t type, SELinux General Types
unlimitedServices macro, Tuning via macros
unlimitedUsers macro, Tuning via macros
unlink operation, SELinux Operations
unmount operation, SELinux Operations
unpriv_socket_class_set macro, Transition Declarations, SELinux Macros Defined in src/policy/macros
unpriv_userdomain type attribute, SELinux Type Attributes
unrestricted_admin macro, Tuning via macros
unsupported platforms, installing SELinux on, Installing from Source
Update Policy button (Seuserx window), Seuserx
uppercase vs. lowercase identifiers, Basic Policy Elements
urandom_device_t type, SELinux General Types
usbdevfs_t type, SELinux General Types
usbfs_t type, SELinux General Types
use operation, SELinux Operations
user account databases, keeping Linux separate from SELinux, Security Contexts
user accounts, adding, Adding Users, Setting user passwords, Adding an Ordinary User
user declarations, syntax of, User Declarations
user identities in SELinux, Security Contexts
adding ordinary users, Adding an Ordinary User
adding system administrators, Adding a System Administrator
constraint declarations and, Constraint Declarations
user passwords, setting, Setting user passwords
user security context, viewing, Viewing the user security context
user statements, assigning roles to users, The SELinux Role-Based Access Control Model
User-Mode Linux (UML) and SELinux, SELinux Components and Linux Security Modules (LSM)
user.te file, The domains Subdirectory, The SELinux Policy Source Tree
useradd command, Adding Users
usercanread type attribute, SELinux Type Attributes
userdomain type attribute, SELinux Type Attributes
userpty_type type attribute, SELinux Type Attributes
users file, The Policy Source Directory, The SELinux Policy Source Tree
creating user identities, Creating an SELinux User
defining roles and associating with users, Customizing Roles
users policy element, SELinux Policy Syntax, Review of SELinux Policy Syntax
Users tab (Apol window), Policy components
user_application_domain macro, SELinux Macros Defined in src/policy/macros
user_canbe_sysadm macro, Tuning via macros, User Declarations, Adding an Ordinary User
user_can_mount macro, Tuning via macros
user_crond_domain type attribute, SELinux Type Attributes
user_domain macro, SELinux Macros Defined in src/policy/macros
user_home_dir_t security context, Adding Users
user_home_dir_type type attribute, SELinux Type Attributes
user_home_type type attribute, SELinux Type Attributes
user_macros.te file, The macros Subdirectory, Examining a Sample Policy, The SELinux Policy Source Tree
user_mail_domain type attribute, SELinux Type Attributes
user_mini_domain type attribute, SELinux Type Attributes
user_net_control macro, Tuning via macros
user_ping Boolean, Tuning via policy Booleans
user_ping Boolean declaration, Boolean Declarations, Conditional Declarations
user_r role, Entering a Role, Customizing Roles
changing to sysadm_r role, Associating a user with a nondefault role
user_rw_noexattrfile macro, Tuning via macros
user_tmpfile type attribute, SELinux Type Attributes
uses_authbind macro, SELinux Macros Defined in src/policy/macros
uses_shlib macro, Examining a Sample Policy, SELinux Macros Defined in src/policy/macros
use_games macro, Tuning via macros
usr_t type, SELinux General Types

V

v4l_device_t type, SELinux General Types
var_lib_domain macro, SELinux Macros Defined in src/policy/macros
var_lib_nfs_t type, SELinux General Types
var_lib_t type, SELinux General Types
var_lock_t type, SELinux General Types
var_log_ksyms_t type, SELinux General Types
var_log_t type, SELinux General Types
var_run_domain macro, SELinux Macros Defined in src/policy/macros
var_run_t type, SELinux General Types
var_spool_t type, SELinux General Types
var_t type, SELinux General Types
var_yp_t type, SELinux General Types
VERSION file, The Policy Source Directory
versions of SELinux, SELinux Versions
View/Change button (Seuserx window), Seuserx
virtual filesystems, Dynamically setting the operating mode
virtual machines and User-Mode Linux (UML), SELinux Components and Linux Security Modules (LSM)
vixie-cron package, Installing SELinux to an existing Gentoo Linux system
vi_t domain, Transition Decisions
Vogt, Tom, SUSE Linux
vulnerabilities, 0-day, The Patch Cycle and the 0-Day Problem, Protecting Against 0-Days

W

Walsh, Dan, Red Hat Enterprise Linux
web sites for SELinux, Web and FTP Sites
Weber, Michael, Memory protection
web_client_domain type attribute, SELinux Type Attributes
wget command, Installing SELinux to a fresh Gentoo system
Wiki, SELinux, SUSE Linux
Wirth, Niklaus, Railroad Diagrams
Woody (Debian GNU/Linux 3.0 stable), Debian GNU/Linux
write operation, SELinux Operations
writehome macro, Tuning via macros
wtmp_t type, SELinux General Types

X

X window systems
troubleshooting problems with, X Problems
using SELinux with, Installing SELinux
xdm_sysadm_login macro, Tuning via macros
xfs (Linux Xfs filesystem), Syntax of Filesystem Labeling Declarations
xserver_port_t type, SELinux General Types
xserver_tmpfile type attribute, SELinux Type Attributes
x_file_perms macro, SELinux Macros Defined in src/policy/macros

Z

zero_device_t type, SELinux General Types
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset