Confined-users-policy

This is repository, where will be implementation of diploma thesis practical output. The SELinux policies for new confined users. The security policies are under Apache 2.0 license.

How to apply policy on system

Requirements

selinux-policy-devel package

Install via:

$ sudo dnf install selinux-policy-devel

Steps to add into system

Compile .te file into .pp file

$ make -f /usr/share/selinux/devel/Makefile nameOfModule.pp
Load compiled file into kernel

$ semodule -i nameOfModule.pp

How map linux users to SELinux users

I will show how mapping specially basic user, but for other new users will be same procedure.

You will need to create a file for a new user in /etc/selinux/targeted/contexts/users, the easiest way is to copy an existing user and change the user name in the file using:

$ sed -e ’s | user | basic |g ’ user_u > basic_u
Then you need to create a new SELinux user based on the new type and role.

$ sudo semanage user -a basic_u -R " basic_r "
Then you need linked linux user to SELinux user.

$ sudo semanage login -a -s basic_u yourLinuxUser
Last step is change the labels in the home directory of yourLinuxUser because it got the default security context.

$ sudo restorecon -RvF /home/yourLinuxUser

Name		Name	Last commit message	Last commit date
Latest commit History 14 Commits
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
admin.fc		admin.fc
admin.if		admin.if
admin.te		admin.te
advanced.fc		advanced.fc
advanced.if		advanced.if
advanced.te		advanced.te
basic.fc		basic.fc
basic.if		basic.if
basic.te		basic.te
confinedom.fc		confinedom.fc
confinedom.if		confinedom.if
confinedom.te		confinedom.te

License

Koncpa/confined-users-policy

Folders and files

Latest commit

History

Repository files navigation

Confined-users-policy

How to apply policy on system

Requirements

Steps to add into system

How map linux users to SELinux users

About

Resources

License

Stars

Watchers

Forks