next up previous contents
Next: 3 Components of Simplified Up: Configuring SELinux by Simplified Previous: 1 About this document   Contents

2 Overview

SELinux[1] implements fine-grained Mandatory Access Control on Linux. However, the access control is too fine-grained and its policy tends to be too complicated. So it is very difficult to understand and configure policy. "Simplified policy" is a policy written in simplified policy language. Simplified policy language reduces the number of policy description by hiding type label from users and integrating object classes and access vectors. User can use SELinux system easily by using this. For example, if httpd_t domain want to read /var/www and use tcp port 80, the configuration is like below.
{
domain httpd_t;
allow /var/www r,s;
allownet -tcp -port 80;

Simplified policy was originally developed as a part of SELinux Policy Editor[2][3] by Hitachi Software[4]. Now it is maintained in SELinux Policy Editor Project[5]. Fedora Core4 and 3 are supported. Simplified Policy does not affect existing SELinux, you can go back default SELinux easily. Feel free to try!



2005-07-19