-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 04/18/2013 10:33 PM, bigclouds wrote: > hi,all > > how to test selinux. > > in my case, qemu-kvm process has a MCS, how to confirm its authority is > limited in this MCS? > > and check out what kinds of authority this qemu-kvm process domain has? > the authority like user shell(if it is exploited), how many dirs,files > MCS can access, and read-write perms? > > thanks > > > > > > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux > I explained MCS separation in a blog http://danwalsh.livejournal.com/63472.html You can use sesearch to figure out what an svirt_t is allowed to access sesearch -A -s svirt_t -c file -p write Will show you the types that svirt_t can write to. man svirt_selinux Will also give you some good info. If you want to experiment read the following blog. http://danwalsh.livejournal.com/44090.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlFxMYwACgkQrlYvE4MpobNKLwCfRY7PUg3h0mAg15crs/t1wMVl JBYAnj4mFd4J5uyKX5cEftKv5vq6oLsR =Ddhw -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
