Next: 3 Components of Simplified
Up: Configuring SELinux by Simplified
Previous: 1 About this document
Contents
SELinux[1] implements fine-grained Mandatory Access Control
on Linux. However, the access control is too fine-grained and its
policy tends to be too complicated. So it is very difficult to understand and configure policy.
"Simplified policy" is a policy written in simplified policy
language. Simplified policy language reduces the number of policy
description by hiding type label from users and integrating object
classes and access vectors. User can use SELinux system easily by
using this. For example, if httpd_t domain want to read /var/www and
use tcp port 80, the configuration is like below.
{
domain httpd_t;
allow /var/www r,s;
allownet -tcp -port 80;
Simplified policy was originally developed as a part of SELinux Policy
Editor[2][3] by Hitachi
Software[4]. Now it is maintained in SELinux Policy
Editor Project[5]. Fedora Core4 and 3 are supported. Simplified Policy does not affect existing SELinux, you can go back default SELinux easily. Feel free to try!
2005-07-19