Section 14.7. Summary


14.7. Summary

  • As in all modern enterprises, writing policy modules is a skill best learned through practice.

  • The basic steps for writing a new policy module, whether it be for the example policy or the reference policy, are as follows:

    1. Prepare and plan:

      Gather information about the application.

      Create a test configuration.

      Specify security goals.

    2. Create an initial policy module:

      Create the basic module files.

      Declare our module's types.

      Allow initial restrictive access.

      Allow domain transitions and role access.

      Integrate into system policy.

      Create labeling policy.

      Apply the policy.

    3. Test and analyze the policy:

      Functional test the policy module.

      Analyze the policy modules against our security goals.

  • In general, we iterate among the steps until we achieve the policy module we desire.




SELinux by Example(c) Using Security Enhanced Linux
SELinux by Example: Using Security Enhanced Linux
ISBN: 0131963694
EAN: 2147483647
Year: 2007
Pages: 154

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net