Hi,
I'm not sure if I understand your question, but SELinux will deny
everything that is not allowed in policy. So if you have rule1 and X is
the source domain, it will always be allowed because you have a rule for it.
For example:
$ sesearch -A -s ftpd_t -t ftpd_var_run_t -c file -p write -C
Found 2 semantic av rules:
allow ftpd_t ftpd_var_run_t : file { ioctl read write create getattr
setattr lock append unlink link rename open } ;
We also use booleans to change some rules dynamically:
DT allow ftpd_t non_security_file_type : file { ioctl read write create
getattr setattr lock append unlink link rename open } ; [ ftpd_full_access ]
For SELinux "queries" you can use the tool "sesearch", and for managing
booleans, "semanage boolean".
Regards,
Lukas.
On 10/05/2016 07:53 PM, kambiz kambiz wrote:
Hi,
I would like to ask for help forming two specific requests to SELinux policy. I am researching SELinux and need to find typical
requests (queries) with different decisions from SELinux policy that have the following property:
-- Two real-world sample requests where one of them just includes more information than the other and they result in different decisions?
(Example: R1: X --> Grant, R2: X+Y --> Deny)
Thank you,
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
--
Lukas Vrabec
SELinux Solutions
Red Hat, Inc.
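
Added example, not part of the original thread and not code from any SELinux tool: a small Python model of the default-deny lookup described in the reply. It parses rule lines in the `sesearch -C` format quoted above and evaluates one request under a given boolean state. The rule lines are re-joined onto single lines as constructed sample input; matching the source by exact name and handling only a single boolean per condition are simplifying assumptions.

```python
import re

# Constructed sample in the `sesearch -A -C` format quoted in the thread: one
# unconditional rule and one rule guarded by the ftpd_full_access boolean.
SAMPLE = """\
allow ftpd_t ftpd_var_run_t : file { ioctl read write create getattr setattr lock append unlink link rename open } ;
DT allow ftpd_t non_security_file_type : file { ioctl read write create getattr setattr lock append unlink link rename open } ; [ ftpd_full_access ]
"""

# Optional two-letter prefix: E/D = currently enabled/disabled,
# T/F = rule belongs to the true/false branch of the conditional.
RULE = re.compile(
    r"^(?:(?P<state>[ED])(?P<branch>[TF])\s+)?allow\s+(?P<src>\S+)\s+(?P<tgt>\S+)"
    r"\s*:\s*(?P<cls>\S+)\s*\{(?P<perms>[^}]*)\}\s*;\s*(?:\[\s*(?P<bool>\S+)\s*\])?\s*$"
)

def parse_rules(text):
    """Parse allow rules; conditional ones keep their boolean and branch."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            rules.append({
                "src": m["src"], "tgt": m["tgt"], "cls": m["cls"],
                "perms": set(m["perms"].split()),
                "bool": m["bool"],            # None for an unconditional rule
                "when": m["branch"] != "F",   # boolean value that activates it
            })
    return rules

def decide(rules, src, tgt_names, cls, perm, booleans):
    """Default deny: grant only if an active allow rule covers the request.

    tgt_names is the target type plus every attribute it carries (supplied by
    the caller here; an assumption of this model). booleans maps boolean names
    to their current values, and a missing boolean is treated as off.
    """
    for r in rules:
        active = r["bool"] is None or booleans.get(r["bool"], False) == r["when"]
        if (active and r["src"] == src and r["tgt"] in tgt_names
                and r["cls"] == cls and perm in r["perms"]):
            return True
    return False
```

In the test below, `example_data_t` is a hypothetical type assumed to carry the `non_security_file_type` attribute; the same write request is denied with `ftpd_full_access` off and granted with it on.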