Hi all,
There are not many documents about the internals of SELinux on the internet.
Could you answer my questions? Thanks.
# ps -eZ | grep qemu-kvm
system_u:system_r:svirt_t:s0:c87,c520 27950 ? 00:00:17 qemu-kvm
1. There, is svirt_t a domain or a type? How do I create a new type? Just a sample is OK.
2. How can I know how much authority, over how many files, dirs, sockets, ..., the qemu-kvm process has? Is there a command to show that?
Of course an image labeled with system_u:object_r:svirt_image_t:s0:c87,c520 is accessible by that qemu-kvm; anything else?
If a process is compromised, how many resources does the process expose? How can I show those resources to the user (through a command)?
3. s0: can it be s1, s2, ... (with the images having the same s*)? If I do so, are there any other requirements?
If the type is targeted, does targeted have only one level, s0? In the targeted case, are s1, s2, ... not valid?
4. What do s (sensitive) and c (class) mean?
5. There are two classes, c520 and c87. What is the upper limit on the number of classes?
Many thanks
--rpm
libselinux-utils-2.0.94-5.3.el6_4.1.x86_64
selinux-policy-targeted-3.7.19-195.el6_4.5.noarch
libselinux-python-2.0.94-5.3.el6_4.1.x86_64
libselinux-2.0.94-5.3.el6_4.1.x86_64
selinux-policy-3.7.19-195.el6_4.5.noarch
libselinux-devel-2.0.94-5.3.el6_4.1.x86_64
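An added example, not part of the original post: a small parser for the `user:role:type:level` labels shown in the `ps -eZ` output above, with a simplified model of the MCS check that makes an image labeled `s0:c87,c520` reachable only by the guest carrying the same category pair. In SELinux terminology the `sN` field is a sensitivity and the `cN` fields are categories. The second guest line, the function names, and the reduction of the policy constraint to a plain dominance test are assumptions made for illustration; type enforcement rules between `svirt_t` and `svirt_image_t` must also allow the access and are not modeled.

```python
# Constructed sample: the ps -eZ line from the post plus a second, made-up guest.
PS_OUTPUT = """\
system_u:system_r:svirt_t:s0:c87,c520 27950 ? 00:00:17 qemu-kvm
system_u:system_r:svirt_t:s0:c12,c700 28011 ? 00:00:05 qemu-kvm
"""

def expand_categories(cats):
    """Expand 'c87,c520' or a dotted range like 'c0.c3,c9' into a set of ints."""
    out = set()
    for part in filter(None, cats.split(",")):
        lo, _, hi = part.partition(".")
        lo_n = int(lo[1:])
        hi_n = int(hi[1:]) if hi else lo_n
        out.update(range(lo_n, hi_n + 1))
    return out

def parse_context(label):
    """Split a label into user, role, type, sensitivity and category set."""
    user, role, setype, level = label.split(":", 3)
    # For a 'low-high' range (e.g. s0-s0:c0.c1023) keep the high level.
    high = level.split("-")[-1]
    sens, _, cats = high.partition(":")
    return {"user": user, "role": role, "type": setype,
            "sens": int(sens[1:]), "cats": expand_categories(cats)}

def dominates(subject, obj):
    """Simplified dominance: sensitivity >= and categories are a superset."""
    return subject["sens"] >= obj["sens"] and subject["cats"] >= obj["cats"]

def guests_allowed(ps_output, image_label):
    """Return PIDs whose label dominates the image label (MCS part only)."""
    image = parse_context(image_label)
    pids = []
    for line in ps_output.splitlines():
        label, pid = line.split()[:2]
        if dominates(parse_context(label), image):
            pids.append(int(pid))
    return pids

if __name__ == "__main__":
    image = "system_u:object_r:svirt_image_t:s0:c87,c520"
    print(parse_context(image))
    print("PIDs passing the MCS check:", guests_allowed(PS_OUTPUT, image))
```
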