LinuxQuestions.org
Old 04-22-2014, 01:49 PM   #1
cquick197
LQ Newbie
 
Registered: Feb 2014
Posts: 15

Rep: Reputation: 0
SELinux possible to allow role to type?


Hello, I am looking for a way to allow a role to have rw permissions for a certain type. All I see is type to type, such as:
Code:
allow auditd_t auditd_log_t:file { write };
but what I would like to do is something like:
Code:
allow somerole_r sometype_t:file { read };
Is this possible? Or what would I use as a type, when all I have is a role defined? Or what would I do to create a type that defines a role?


Thank you in advance!
 
Old 04-22-2014, 04:07 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,394
Blog Entries: 55

Rep: Reputation: 3565
If this somehow relates to your
Quote:
Originally Posted by cquick197
Is it possible to do this in SELinux, even though it may not be the best way?
question in your previous thread then I'd have to agree that, unless you explain in detail what "the security policy for the box" (your reply #3) means, using Sudo would be the easiest, most efficient way forward. I haven't read that much of Prentice Hall's Lightsaber book, so if you want or are forced to do this with SELinux you should have a look at the Fedora SELinux Sandbox feature and posts by Dan Walsh about it.
 
Old 04-22-2014, 04:17 PM   #3
cquick197
LQ Newbie
 
Registered: Feb 2014
Posts: 15

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by unSpawn
If this somehow relates to your question in your previous thread then I'd have to agree that, unless you explain in detail what "the security policy for the box" (your reply #3) means, using Sudo would be the easiest, most efficient way forward. I haven't read that much of Prentice Hall's Lightsaber book, so if you want or are forced to do this with SELinux you should have a look at the Fedora SELinux Sandbox feature and posts by Dan Walsh about it.
The "security policy for the box" is basically this:
Quote:
The following table lists which roles will need access to which types, and what level of access is required (read, write, or execute).
and then it gives me a table
SELinux Role    SELinux Type    Access
role1_r         blahtype_t      r
role1_r         blahtype2_t     rw
role2_r         blahtype_t      r
role2_r         blahtype3_t     w
etc...


So I need to be able to do this in SELinux. I have a list of roles, a list of types, and the permissions each needs to do.
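
Added example, not part of any post in this thread: SELinux `allow` rules are written between types, and a role is connected to them by authorizing it for a domain type with a `role ... types ...;` statement, so a role/type/access table like the one above becomes one domain per role plus ordinary type-to-type rules. The per-role domain names (`role1_t`, `role2_t`) and the mapping of r/w/x onto `file` permissions are assumptions; a loadable module would also need a `require` block and rules for entering each domain.

```python
import re
from collections import defaultdict

# Rows copied from the table in post #3 (role, type, access letters).
TABLE = """\
role1_r -------- blahtype_t -------- r
role1_r -------- blahtype2_t ------ rw
role2_r -------- blahtype_t -------- r
role2_r -------- blahtype3_t -------w
"""

# Assumption: how the table's r/w/x letters map onto file-class permissions.
PERMS = {
    "r": ["getattr", "open", "read"],
    "w": ["getattr", "open", "write", "append"],
    "x": ["getattr", "open", "read", "execute"],
}


def parse(table):
    """Return {role: {type: sorted permissions}} from dash-separated rows."""
    rules = defaultdict(lambda: defaultdict(set))
    for line in table.splitlines():
        fields = [f for f in re.split(r"[\s-]+", line.strip()) if f]
        if len(fields) != 3:
            continue  # header, "etc..." or blank line
        role, target, access = fields
        if not (role.endswith("_r") and target.endswith("_t")) or set(access) - set(PERMS):
            raise ValueError(f"bad row: {line!r}")
        for letter in access:
            rules[role][target].update(PERMS[letter])
    return {r: {t: sorted(p) for t, p in ts.items()} for r, ts in rules.items()}


def emit(rules):
    """One hypothetical domain per role, then ordinary type-to-type allow rules."""
    out = []
    for role, targets in sorted(rules.items()):
        domain = role[:-2] + "_t"  # hypothetical name: role1_r -> role1_t
        out.append(f"type {domain};")
        out.append(f"role {role} types {domain};")
        for target, perms in sorted(targets.items()):
            out.append(f"allow {domain} {target}:file {{ {' '.join(perms)} }};")
    return "\n".join(out)


if __name__ == "__main__":
    print(emit(parse(TABLE)))
```

Rows that repeat a role/type pair are merged into a single `allow` rule, and a row with an unknown access letter or a name that does not end in `_r`/`_t` is rejected instead of being turned into policy.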
 
  

