Red Hat Enterprise Linux 4
Red Hat SELinux Guide
Copyright © 2005 by Red Hat, Inc.
Red Hat, Inc.
1801 Varsity Drive
Raleigh NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
PO Box 13588
Research Triangle Park NC 27709 USA
rhel-selg(EN)-4-Print-RHI (2005-02-15-T16:20)
Copyright © 2005 by Red Hat, Inc. This material may be distributed only subject to the terms and conditions set forth in the
Open Publication License, V1.0 or later (the latest version is presently available at http://www.opencontent.org/openpub/).
Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright
holder.
Distribution of the work or derivative of the work in any standard (paper) book form for commercial purposes is prohibited
unless prior permission is obtained from the copyright holder.
Red Hat and the Red Hat "Shadow Man" logo are registered trademarks of Red Hat, Inc. in the United States and other
countries.
All other trademarks referenced herein are the property of their respective owners.
The GPG fingerprint of the security@redhat.com key is:
CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E
Table of Contents
Introduction to the Red Hat SELinux Guide
    1. What Is SELinux?
    2. Prerequisites for This Guide
    3. Conventions for SELinux Directories and Files
    4. Document Conventions
    5. Code Presentation Conventions
    6. Activate Your Subscription
        6.1. Provide a Red Hat Login
        6.2. Provide Your Subscription Number
        6.3. Connect Your System
    7. More to Come
        7.1. Send in Your Feedback
I. Understanding SELinux
    1. SELinux Architectural Overview
        1.1. Flask Security Architecture and SELinux
        1.2. SELinux, an Implementation of Flask
    2. SELinux Policy Overview
        2.1. What Is Policy?
        2.2. Where is the Policy?
        2.3. Policy Role in Boot
        2.4. File System Security Contexts
        2.5. Object Classes and Permissions
        2.6. TE Rules - Attributes
        2.7. TE Rules - Types
        2.8. TE Rules - Access Vectors
        2.9. Policy Macros
        2.10. SELinux Users and Roles
        2.11. TE Rules - Constraints
        2.12. Special Interfaces and File Systems
    3. Targeted Policy Overview
        3.1. What is the Targeted Policy?
        3.2. Files and Directories of the Targeted Policy
        3.3. Understanding the File Contexts Files
        3.4. Common Macros in the Targeted Policy
        3.5. Understanding the Roles and Users in the Targeted Policy
    4. Example Policy Reference - dhcpd
        4.1. Policy File Locations
        4.2. Policy Types - dhcpd
        4.3. Boolean Values for dhcpd
II. Working With SELinux
    5. Controlling and Maintaining SELinux
        5.1. End User Control of SELinux
        5.2. Administrator Control of SELinux
        5.3. Analyst Control of SELinux
        5.4. Policy Writer Control of SELinux
    6. Tools for Manipulating and Analyzing SELinux
        6.1. Information Gathering Tools
        6.2. Using seaudit for Audit Log Analysis
        6.3. Using apol for Policy Analysis
        6.4. Performance Tuning
    7. Compiling SELinux Policy
        7.1. Policy Compile Procedure
        7.2. What Happens During Policy Build
    8. Customizing and Writing Policy
        8.1. General Policy Troubleshooting Guidelines
        8.2. Minor Customizations of the Existing Policy
        8.3. Writing New Policy for a Daemon
        8.4. Deploying Customized Binary Policy
    9. References
III. Appendix
    A. Brief Background and History of SELinux
Index
Colophon
Introduction to the Red Hat SELinux Guide
Welcome to the Red Hat SELinux Guide. This guide addresses the complex world of SELinux policy,
and has the goal of teaching you how to understand, use, administer, and troubleshoot SELinux in
a Red Hat Enterprise Linux environment. SELinux, an implementation of mandatory access control
(MAC) in the Linux kernel, adds the ability to administratively define policies on all subjects
(processes) and objects (devices, files, and signaled processes). These terms are used as
abstractions when discussing actors/doers and their targets on a system. This guide commonly refers
to processes, the source of an operation, and objects, the target of an operation.
This guide opens with a short explanation of SELinux, some assumptions about the reader, and an
explanation of document conventions. The first part of the guide provides an overview of the technical
architecture and how policy works, specifically the policy that comes with Red Hat Enterprise Linux
called the targeted policy. The second part focuses on working with SELinux, including maintaining
and manipulating your systems, policy analysis, and compiling your custom policy. Working with
some of the daemons that are confined by the targeted policy is discussed throughout. These daemons
are collectively called the targeted daemons.
One powerful way of finding information in this guide is the Index. The Index has direct links to
sections on specific terminology, and also features lists of various SELinux syntaxes, as well as
"what are/what is" and "how to" entries.
1. What Is SELinux?
This section is a very brief overview of SELinux. More detail is given in Part I Understanding SELinux
and Appendix A Brief Background and History of SELinux.
Security-enhanced Linux (SELinux) is an implementation of a mandatory access control mechanism.
This mechanism is in the Linux kernel, checking for allowed operations after standard Linux
discretionary access controls are checked.
To understand the benefit of mandatory access control (MAC) over traditional discretionary access
control (DAC), you need to first understand the limitations of DAC.
Under DAC, ownership of a file object provides potentially crippling or risky control over the object.
A user can expose a file or directory to a security or confidentiality breach with a misconfigured chmod
command and an unexpected propagation of access rights. A process started by that user, such as a
CGI script, can do anything it wants to the files owned by the user. A compromised Apache HTTP
server can perform any operation on files in the Web group. Malicious or broken software can have
root-level access to the entire system, either by running as a root process or using setuid or setgid.
Under DAC, there are really only two major categories of users, administrators and
non-administrators. In order for services and programs to run with any level of elevated privilege, the
choices are few and coarse-grained, and typically resolve to just giving full administrator access.
Solutions such as ACLs (access control lists) can provide some additional security for allowing
non-administrators expanded privileges, but for the most part a root account has complete discretion
over the file system.
A MAC or non-discretionary access control framework allows you to define permissions for how all
processes (called subjects) interact with other parts of the system such as files, devices, sockets, ports,
and other processes (called objects in SELinux). This is done through an administratively-defined
security policy over all processes and objects. These processes and objects are controlled through the
kernel, and security decisions are made on all available information rather than just user identity. With
this model, a process can be granted just the permissions it needs to be functional. This follows the
principle of least privilege. Under MAC, for example, users who have exposed their data using chmod
are protected by the fact that their data is of a kind associated only with user home directories,
and confined processes cannot touch those files without permission and purpose written into the policy.
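The two-stage decision described above (DAC first, then MAC), shown as an added example that is not part of the original guide. It is a simplified model, not the kernel's implementation: the type names, the policy fragment, and the sample process and file are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed policy fragment in TE allow-rule syntax. The type names are
# illustrative assumptions, not quoted from the guide text above.
POLICY = """
allow httpd_t httpd_sys_content_t:file { read getattr };
allow unconfined_t user_home_t:file { read write getattr };
"""

@dataclass
class Proc:
    uid: int
    gids: set
    domain: str   # security type of the process (subject)

@dataclass
class File:
    uid: int
    gid: int
    mode: int     # classic permission bits, e.g. 0o644
    setype: str   # security type of the file (object)

def parse_allow(text):
    """Return {(source_type, target_type, object_class): {permissions}}."""
    rules = {}
    pattern = r"allow\s+(\w+)\s+(\w+):(\w+)\s+\{([^}]*)\}\s*;"
    for src, tgt, cls, perms in re.findall(pattern, text):
        rules.setdefault((src, tgt, cls), set()).update(perms.split())
    return rules

def dac_allows(proc, f, perm):
    """Owner/group/other mode-bit check; uid 0 bypasses it entirely."""
    if proc.uid == 0:
        return True
    bit = {"read": 4, "write": 2}[perm]
    shift = 6 if proc.uid == f.uid else 3 if f.gid in proc.gids else 0
    return bool((f.mode >> shift) & bit)

def access(proc, f, perm, rules):
    """DAC runs first; the MAC policy is consulted only if DAC passes."""
    if not dac_allows(proc, f, perm):
        return "denied by DAC"
    if perm not in rules.get((proc.domain, f.setype, "file"), set()):
        return "denied by MAC"
    return "granted"

RULES = parse_allow(POLICY)
# Constructed case from the text: a home-directory file left world-writable.
EXPOSED = File(uid=500, gid=500, mode=0o777, setype="user_home_t")
HTTPD_AS_ROOT = Proc(uid=0, gids={0}, domain="httpd_t")
print(access(HTTPD_AS_ROOT, EXPOSED, "write", RULES))
```

Even running as root, the confined web server process is refused because no rule in the policy grants its domain access to the home-directory type.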