Targeted Daemons/Apps- Fedora 12

Dominick Grift domg472 at gmail.com
Tue Dec 8 12:45:34 UTC 2009


On Tue, Dec 08, 2009 at 08:21:41AM -0400, Jorge Fábregas wrote:
> Hello everyone,
> 
> Where can I find a list of all the targeted daemons/apps that are protected by 
> the current policy on Fedora 12?

That is not so easy to list.

You can list installed modules that are not part of the base policy:

semodule -l

That will give you at least some impression about what may be targeted.

But that impression is distorted. One reason is that a policy for a daemon or app may be built into the base policy. 
Base policy is a group of mandatory modules.

Another reason why listing targeted daemons/apps is not so easy is because of how policy is structured.

A policy module can have policy for several daemons and apps. For example:

The irc policy module has policy for several different irc clients. They are grouped into one module because they share the property that they are all irc clients.

Another example is the git module. This module has policy for the git daemon but it also has policy for the cgit web application.

Another way to approach this issue is to run the following command:

sesearch --allow -s domain

This will list all interactions that are allowed where the source of an interaction is a type with the domain attribute (think of attributes as if they are tags).

The problem here is that this shows all domain types. One program can sometimes be run with various domain types. So this is also a distorted view. Besides that, it is not always easy to determine what daemon or app a type is for, just by looking at a type.

To really get an answer to your question, I believe you would probably need to inspect the source policy. Since you want to know the daemons targeted you would probably inspect the policy/modules/services directory carefully and determine there which daemons may be targeted. For apps you would look into the policy/modules/apps directory.

But even that is not accurate, since policy may be available but not installed, or may be installed but not instantiated.

> 
> Thanks,
> Jorge
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
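
An added example, not part of the original message: a shell script that summarises `sesearch --allow -s domain` output by source type. The sample rules and their type names are constructed for illustration, and grouping types by name prefix is an assumed heuristic; its output shows both distortions described in the reply above (several domain types for one program, and type names that do not reveal which module or app they belong to).

```shell
#!/bin/sh
# Added example: summarise `sesearch --allow -s domain` output by source type.
# Real use: sesearch --allow -s domain | source_types

# Constructed sample in sesearch's "allow SOURCE TARGET : CLASS { PERMS } ;"
# layout. Type names are illustrative, not taken from a real policy dump.
sample_rules() {
cat <<'EOF'
Found 6 semantic av rules:
   allow httpd_t httpd_log_t : file { create append getattr } ;
   allow httpd_t httpd_config_t : file { read getattr } ;
   allow httpd_suexec_t httpd_log_t : file { append getattr } ;
   allow git_system_t git_sys_content_t : dir { search getattr } ;
   allow irc_t irc_home_t : file { read write } ;
   allow irssi_t irssi_home_t : file { read write } ;
EOF
}

# Print "COUNT TYPE" for each distinct source type that heads an allow rule.
# Header lines such as "Found N semantic av rules:" are skipped.
source_types() {
    awk '$1 == "allow" { n[$2]++ }
         END { for (t in n) print n[t], t }' | LC_ALL=C sort -k2
}

# Heuristic (assumption): group source types by the text before the first "_".
# One program may own several types (httpd_t, httpd_suexec_t), and two types
# from one module may share no prefix at all (irc_t, irssi_t).
group_by_prefix() {
    awk '$1 == "allow" && !seen[$2]++ {
             p = $2; sub(/_.*/, "", p)      # keep only the leading name part
             g[p] = g[p] " " $2
         }
         END { for (p in g) print p ":" g[p] }' | LC_ALL=C sort
}

echo "Source types and rule counts:"
sample_rules | source_types
echo "Grouped by name prefix (heuristic):"
sample_rules | group_by_prefix
```

The two irc client types land in separate groups even though one module provides both, which is why the prefix grouping can only hint at what is targeted.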