Re: [Non-DoD Source] The order of policy rules in SELinux policies

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/1/18 11:46 PM, amir.imen@xxxxxxxxx wrote:
I wonder if the order of rules (i.e., the arrangement of rules) in SELinux policies are important or not. For example, putting constrain rules before or after certain allow rules can change the decision of the policy?

The order of policy rules will not effect access decisions, so it does not matter whether a constrain rule or allow rule comes first.

If you build a policy using a policy.conf file and checkpolicy, then there is a particular order that all the rules must be in, but most people will not be building policy that way.

The order of labeling rules such as portcon and file contexts can be important, but they are sorted automatically when using the normal policy tools to put the rules in a logical and consistent order.

_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx



--
James Carter <jwcart2@xxxxxxxxxxxxx>
National Security Agency
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux