Exercises


1.

Given a file context file with the following entries, what security context would the files /etc/passwd, /etc/shadow, and /etc/mtab receive?

/etc(/.*)?                      system_u:object_r:etc_t
/var/db/.*\.db            --    system_u:object_r:etc_t
/etc/\.pwd\.lock          --    system_u:object_r:shadow_t
/etc/passwd\.lock         --    system_u:object_r:shadow_t
/etc/group\.lock          --    system_u:object_r:shadow_t
/etc/shadow.*             --    system_u:object_r:shadow_t
/etc/gshadow.*            --    system_u:object_r:shadow_t
/var/db/shadow.*          --    system_u:object_r:shadow_t
/etc/blkid\.tab.*         --    system_u:object_r:etc_runtime_t
/etc/fstab\.REVOKE        --    system_u:object_r:etc_runtime_t
/etc/\.fstab\.hal\..+     --    system_u:object_r:etc_runtime_t
/etc/HOSTNAME             --    system_u:object_r:etc_runtime_t
/etc/ioctl\.save          --    system_u:object_r:etc_runtime_t
/etc/mtab                 --    system_u:object_r:etc_runtime_t
/etc/motd                 --    system_u:object_r:etc_runtime_t


2.

What is unique about file-related object labeling on filesystems that use extended attribute labeling?

3.

Write a portcon statement that would label port 22 with the security context system_u:object_r:sshd_t for TCP. What is the object class that is labeled by this statement?

4.

Write a nodecon statement that would label the system 192.168.1.128 with the security context system_u:object_r:webserver_t. What object class is labeled by this statement?




SELinux by Example: Using Security Enhanced Linux
ISBN: 0131963694
Year: 2007
Pages: 154