Specification of Simplified Policy Description Language (SPDL) ver 2.0
Yuichi Nakamura
Contents
1 Overview
1.1 Feature
1.2 Overview of SPDL configuration elements
1.3 Default deny rule
1.4 Terms
2 Structure of configuration by simplified language
2.1 Syntax of section
3 Including configuration from other file:include
4 Declaring domain and role
4.1 declare domain:domain
4.2 declare role:role
5 Configuring RBAC:user
6 Configuring domain transition:domain_trans
6.1 Domain transition:domain_trans
6.2 Simplified domain transition:program
7 Configuring access control to normal files:allow/deny
7.1 allow
7.2 deny
7.3 Priority of allow, deny when conflict happens
7.4 Special files
8 Configuring access control to devices:allowdev
8.1 allowdev(1)
8.2 allowdev(2)
9 Configuring access control to files on misc file systems:allowfs
10 Configuring access control to temporary files:allowtmp
10.1 Why is allowtmp necessary?
10.2 What is allowtmp?
10.3 Syntax and meaning
11 Configuring access control to network:allownet
11.1 Port usage
11.2 Usage of RAW socket
11.3 Usage of Network Interface(netif) and IP address(node)
11.4 Inheriting socket from other domain
12 Configuring access control to process communication:allowcom
12.1 allowcom (IPC)
12.2 allowcom(Signal)
13 Configuring access control other administrative access rights:allowpriv
13.1 allowpriv: related to kernel
13.2 allowpriv: related to SELinux operations
13.3 allowpriv: other privileges
13.4 denypriv
Yuichi 2006-05-15