Difference between revisions of "SIDStatements"
(New page: = Security ID (SID) Statement = There are two SID statements, the first one declares the actual SID identifier and is defined at the start of a policy source file. The second statement is ...) |
(→Security ID (SID) Statement: added a link for security context) |
Line 1: | Line 1: | ||
= Security ID (SID) Statement = | = Security ID (SID) Statement = | ||
− | There are two SID statements, the first one declares the actual SID identifier and is defined at the start of a policy source file. The second statement is used to add an initial security context to the SID that is used when SELinux initialises or as a default if an object is not labeled correctly. The Building a Basic Policy section shows their usage. | + | There are two SID statements, the first one declares the actual SID identifier and is defined at the start of a policy source file. The second statement is used to add an initial [[security context]] to the SID that is used when SELinux initialises or as a default if an object is not labeled correctly. The Building a Basic Policy section shows their usage. |
== sid Statement == | == sid Statement == |
Revision as of 22:25, 10 September 2010
Security ID (SID) Statement
There are two SID statements. The first declares the actual SID identifier and is defined at the start of a policy source file. The second adds an initial security context to the SID, which is used when SELinux initialises or as a default if an object is not labeled correctly. The Building a Basic Policy section shows their usage.
sid Statement
The sid statement declares the actual SID identifier and is defined at the start of a policy source file.
The statement definition is:
sid sid_id
Where:
sid | The sid keyword. |
sid_id | The sid identifier. Note that there is no terminating ';'. |
The statement is valid in:
Example:
This example has been taken from the Reference Policy source ../policy/flask/initial_sids file.
 # This example was taken from the
 # ./policy/flask/initial_sids file and declares some
 # of the initial SIDs:
 #
 sid kernel
 sid security
 sid unlabeled
 sid fs
sid context Statement
The sid context statement is used to add an initial security context to the SID that is used when SELinux initialises, or as a default if an object is not labeled correctly.
sid sid_id context
Where:
sid | The sid keyword. |
sid_id | The previously declared sid identifier. |
context | The initial security context associated with the SID. Note that there is no terminating ';'. |
The statements are valid in:
Examples:
 # These statements add an initial security context to an object
 # that is used when SELinux initialises or as a default if a
 # context is not available or labeled incorrectly.
 #
 # This one is from a targeted policy:
 sid unlabeled system_u:object_r:unlabeled_t
 # This one is from an MLS policy. Note that the security level is
 # set to SystemHigh as it may need to label any object in the
 # system.
 sid unlabeled system_u:object_r:unlabeled_t:s15:c0.c255
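The two statement forms above can be checked mechanically before a policy is built. The following is an added example, not code from the Reference Policy or from this page: a small checker that enforces the rules stated here (no terminating ';', a context may only be given to a previously declared SID) and lists declared SIDs that never receive a context. The function name, the context pattern and the sample input are assumptions made for illustration.

```python
import re

# Constructed sample in the syntax shown above. Line 7 ends with ';' and
# line 8 names a SID that was never declared; 'fs' never gets a context.
SAMPLE = """\
sid kernel
sid security
sid unlabeled
sid fs
sid kernel system_u:system_r:kernel_t
sid unlabeled system_u:object_r:unlabeled_t:s15:c0.c255
sid security system_u:object_r:security_t;
sid file system_u:object_r:file_t
"""

# user:role:type with an optional MLS range (e.g. s15:c0.c255) after the type.
CONTEXT = re.compile(r"\w+:\w+:\w+(:\S+)?")


def check_sids(text):
    """Return (declared, contexts, problems, missing) for sid statements."""
    declared, contexts, problems = [], {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        tok = line.split()
        if tok[0] != "sid" or len(tok) not in (2, 3):
            problems.append((n, "not a sid statement"))
        elif line.endswith(";"):
            problems.append((n, "terminating ';' is not allowed"))
        elif len(tok) == 2:  # sid sid_id
            if tok[1] in declared:
                problems.append((n, f"sid '{tok[1]}' declared twice"))
            else:
                declared.append(tok[1])
        elif tok[1] not in declared:  # sid sid_id context
            problems.append((n, f"context for undeclared sid '{tok[1]}'"))
        elif not CONTEXT.fullmatch(tok[2]):
            problems.append((n, f"malformed context '{tok[2]}'"))
        else:
            contexts[tok[1]] = tok[2]
    missing = [s for s in declared if s not in contexts]
    return declared, contexts, problems, missing


if __name__ == "__main__":
    declared, contexts, problems, missing = check_sids(SAMPLE)
    for n, msg in problems:
        print(f"line {n}: {msg}")
    print("declared without context:", ", ".join(missing))
```

A declared SID that ends up in the last list has no initial context assigned in the checked text, so it is worth reviewing before the policy is loaded.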