Next: 8.2 Default deny rule
Up: 8 Specification of simplified
Previous: 8 Specification of simplified
Contents
Subsections
- Domain
Domain is the same as domain in SELinux. It is attached to process by domain transition.
- Role
Role in simplified policy language is simplified. Role is identified
with a domain for user shell. In simplified language, we describe access
rights for role. In fact, it is giving access rights for user
shell of the role. For example, when you give access right for
sysadm_r, access right is given to
sysadm_t(Domain for user shell of sysadm_r).
Note that in generated SELinux policy, all roles can type every types.
There is no syntax corresponding to role:x:types:y in simplified language.
- global domain
Domain that is named global is special. Configuration described in global domain is inherited by all domains. For example, if you allow to read /etc in global domain, httpd_t, sendmail_t and all other domains can read /etc.
2005-07-19