Next:
Contents
Contents
Specification of Simplified Policy Description Language(SPDL) ver 2.1.
Yuichi Nakamura
1
Contents
1 Overview
1.1 Feature
1.2 Overview of SPDL configuration elements
1.3 Default deny rule
1.4 Terms
2 Structure of configuration by simplified language
2.1 Syntax of section
3 Import configuration from other file:include
4 Declare domain and role
4.1 Declare domain:domain
4.2 Declare role:role
5 Configure RBAC:user
6 Domain transition
6.1 Domain transition:domain_trans
6.2 Simplified domain transition:program
7 Access control to normal files:allow/deny
7.1 allow
7.2 deny
7.3 Priority of allow, deny when conflict happens
7.4 Special files
7.5 Notice about links
8 Access control to devices:allowdev
8.1 allowdev(1)
8.2 allowdev(2)
9 Access control to files on misc file systems:allowfs
10 Access control to temporally file:allowtmp
10.1 Why allowtmp is necessary?
10.2 What is allowtmp?
10.3 Syntax and meaning
11 Access control to network:allownet
11.1 Port usage
11.2 Usage of RAW socket
11.3 Usage of Network Interface(netif) and IP address(node)
11.4 Inherit socket from other domain
12 Access control of process communication:allowcom
12.1 allowcom (IPC)
12.2 allowcom(Signal)
13 Access control other administrative access rights:allowpriv
13.1 allowpriv: POSIX capability
13.2 allowpriv: related to kernel
13.3 allowpriv: related to SELinux operations
13.4 allowpriv: other privileges
13.5 denypriv
14 Access control of kernel key retention service:allowkey
About this document ...
Yuichi Nakamura 2006-11-13
