Querying SELinux policy for boolean information
by Sven Vermeulen, post on Fri 28 March 2014
Within an SELinux policy, certain access vectors (permissions) can be conditionally granted based on the value of an SELinux boolean.
To find the list of SELinux booleans that are available on your system, you can use the getsebool -a method, or semanage boolean -l. The latter also displays the description …
Using CUSTOM_BUILDOPT in refpolicy for USE flag-alike functionality?
by Sven Vermeulen, post on Fri 16 August 2013
As you are probably aware, Gentoo uses the reference policy as its base for SELinux policies. Yes, we do customize it and not everything is already pushed upstream (for instance, our approach to use xdg_*_home_t customizable types to further restrict user application access has been sent up for comments …
A SELinux policy for incron: using booleans
by Sven Vermeulen, post on Thu 30 May 2013
After using a default set of directories to watch, and allowing admins to mark other types as such as well, let's consider another approach for making the policy more flexible: booleans. The idea now is that a boolean called incron_notify_non_security_files enables incrond to be notified on changes on all possible …