
selinux policy for encrypted files



Hi all

I want to write a policy for encrypted files.
In order to do this I created some new types which have the
name of the corresponding type used for non-encrypted files,
with the prefix 'encrypted_'.
Then I need to define the policy for applications that need to
use these new types, which is very similar to that defined
for the original types, except that I want to take rules only
for the 'dir' and 'file' classes.
What is the best way to define the policy? Do I have
to duplicate all required interfaces/templates or can I reuse
the existing code, for instance by adding a new parameter?

I will show an example of what I'm trying to define.

New type: encrypted_etc_t;

Example interface:

interface(`files_list_etc',`
	gen_require(`
		type etc_t;
	')

	allow $1 etc_t:dir list_dir_perms;
')


Added interface:

interface(`files_list_encrypted_etc',`
	gen_require(`
		type encrypted_etc_t;
	')

	allow $1 encrypted_etc_t:dir list_dir_perms;
')
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux

