CIL and attributes
by Sven Vermeulen, post on Sun 15 February 2015I keep on struggling to remember this, so let's make a blog post out of it ;-)
When the SELinux policy is being built, recent userspace (2.4 and higher) will convert the policy into CIL language, and then build the binary policy. When the policy supports type attributes, these are …
A SELinux policy for incron: marking types eligible for watching
by Sven Vermeulen, post on Wed 29 May 2013In the
previous
post we made incrond able to watch public_content_t and
public_content_rw_t types. However, this is not scalable, so we might
want to be able to update the policy more dynamically with additional
types. To accomplish this, we will make types eligible for watching
through an attribute.
So how …