| | Copyright |
| | Preface |
| | | Organization of This Book |
| | | Conventions Used in This Book |
| | | Using Code Examples |
| | | How to Contact Us |
| | | Acknowledgments |
| | Chapter 1. Introducing SELinux |
| | | Section 1.1. Software Threats and the Internet |
| | | Section 1.2. SELinux Features |
| | | Section 1.3. Applications of SELinux |
| | | Section 1.4. SELinux History |
| | | Section 1.5. Web and FTP Sites |
| | Chapter 2. Overview of the SELinux Security Model |
| | | Section 2.1. Subjects and Objects |
| | | Section 2.2. Security Contexts |
| | | Section 2.3. Transient and Persistent Objects |
| | | Section 2.4. Access Decisions |
| | | Section 2.5. Transition Decisions |
| | | Section 2.6. SELinux Architecture |
| | Chapter 3. Installing and Initially Configuring SELinux |
| | | Section 3.1. SELinux Versions |
| | | Section 3.2. Installing SELinux |
| | | Section 3.3. Linux Distributions Supporting SELinux |
| | | Section 3.4. Installation Overview |
| | | Section 3.5. Installing SELinux from Binary or Source Packages |
| | | Section 3.6. Installing from Source |
| | Chapter 4. Using and Administering SELinux |
| | | Section 4.1. System Modes and SELinux Tuning |
| | | Section 4.2. Controlling SELinux |
| | | Section 4.3. Routine SELinux System Use and Administration |
| | | Section 4.4. Monitoring SELinux |
| | | Section 4.5. Troubleshooting SELinux |
| | Chapter 5. SELinux Policy and Policy Language Overview |
| | | Section 5.1. The SELinux Policy |
| | | Section 5.2. Two Forms of an SELinux Policy |
| | | Section 5.3. Anatomy of a Simple SELinux Policy Domain |
| | | Section 5.4. SELinux Policy Structure |
| | Chapter 6. Role-Based Access Control |
| | | Section 6.1. The SELinux Role-Based Access Control Model |
| | | Section 6.2. Railroad Diagrams |
| | | Section 6.3. SELinux Policy Syntax |
| | | Section 6.4. User Declarations |
| | | Section 6.5. Role-Based Access Control Declarations |
| | Chapter 7. Type Enforcement |
| | | Section 7.1. The SELinux Type-Enforcement Model |
| | | Section 7.2. Review of SELinux Policy Syntax |
| | | Section 7.3. Type-Enforcement Declarations |
| | | Section 7.4. Examining a Sample Policy |
| | Chapter 8. Ancillary Policy Statements |
| | | Section 8.1. Constraint Declarations |
| | | Section 8.2. Other Context-Related Declarations |
| | | Section 8.3. Flask-Related Declarations |
| | Chapter 9. Customizing SELinux Policies |
| | | Section 9.1. The SELinux Policy Source Tree |
| | | Section 9.2. On the Topics of Difficulty and Discretion |
| | | Section 9.3. Using the SELinux Makefile |
| | | Section 9.4. Creating an SELinux User |
| | | Section 9.5. Customizing Roles |
| | | Section 9.6. Adding Permissions |
| | | Section 9.7. Allowing a User Access to an Existing Domain |
| | | Section 9.8. Creating a New Domain |
| | | Section 9.9. Using Audit2allow |
| | | Section 9.10. Policy Management Tools |
| | | Section 9.11. The Road Ahead |
| | Appendix A. Security Object Classes |
| | Appendix B. SELinux Operations |
| | Appendix C. SELinux Macros Defined in src/policy/macros |
| | Appendix D. SELinux General Types |
| | Appendix E. SELinux Type Attributes |
| | Colophon |
| | Index |