SELinux Cookbook

Book Description

Over 70 hands-on recipes to develop fully functional policies to confine your applications and users using SELinux

About This Book

• Design custom SELinux policies and understand the reference policy interface constructions to build readable SELinux policy rules
• Experience the wide range of security controls SELinux offers by customizing web application confinement
• Step-by-step recipes exploring the SELinux environment

Who This Book Is For

If you are a Linux system administrator or a Linux-based service administrator and want to fine-tune SELinux to implement a supported, mature, and proven access control system, then this book is for you. Basic experience with SELinux enabled distributions is expected.

In Detail

In SELinux Cookbook, we cover everything from how to build SELinux policies to the integration of the technology with other systems and look at a wide range of examples to assist in creating additional policies. The first set of recipes work around file labeling as one of the most common and important SELinux administrative aspects. Then, we move on to custom policy development, showing how this is done for web application confinement, desktop application protection, and custom server policies. Next, we shift our focus to the end user, restricting user privileges and setting up role-based access controls. After that, we redirect our focus to the integration of SELinux with Linux systems, aligning SELinux with existing security controls on a Linux system. Finally, we will learn how applications interact with the SELinux subsystem internally; ensuring that whatever the challenge, we will be able to find the best solution.

Table of Contents

Chapter 1. The SELinux Development Environment
Chapter 2. Dealing with File Labels
Chapter 3. Confining Web Applications
Chapter 4. Creating a Desktop Application Policy
Chapter 5. Creating a Server Policy
Chapter 6. Setting Up Separate Roles
Chapter 7. Choosing the Confinement Level
Chapter 8. Debugging SELinux
Chapter 9. Aligning SELinux with DAC
Chapter 10. Handling SELinux-aware Applications

中文：

书名：SELinux Cookbook

超过70个实践食谱，可开发功能齐全的策略来限制您的应用程序和使用SELinux的用户

关于本书

• 设计自定义SELinux策略并了解参考策略接口构造，以构建可读的SELinux策略规则
• 通过定制Web应用程序限制，体验SELinux提供的广泛安全控制
• 探索SELinux环境的分步指南

这本书是为谁写的

如果您是一名Linux系统管理员或基于Linux的服务管理员，并且希望对SELinux进行微调以实现一个受支持的、成熟的和经过验证的访问控制系统，那么这本书是为您准备的。需要具备支持SELinux的发行版的基本经验。

详细地说

在SELinux Cookbook中，我们涵盖了从如何构建SELinux策略到该技术与其他系统的集成的方方面面，并查看了广泛的示例以帮助创建其他策略。第一组方法将文件标签作为最常见和最重要的SELinux管理方面之一。然后，我们将继续进行定制策略开发，展示如何针对Web应用程序限制、桌面应用程序保护和定制服务器策略进行定制策略开发。接下来，我们将重点转向最终用户，限制用户权限并设置基于角色的访问控制。在那之后，我们将重点转向SELinux与Linux系统的集成，使SELinux与Linux系统上的现有安全控制保持一致。最后，我们将学习应用程序如何与SELinux子系统进行内部交互；确保无论遇到什么挑战，我们都能够找到最佳解决方案。

目录表

第1章.SELinux开发环境
Chapter 2. Dealing with File Labels
Chapter 3. Confining Web Applications
第4章.创建桌面应用程序策略
Chapter 5. Creating a Server Policy
Chapter 6. Setting Up Separate Roles
Chapter 7. Choosing the Confinement Level
第8章.调试SELinux
Chapter 9. Aligning SELinux with DAC
第10章.处理支持SELinux的应用程序