* attribute definitions
@ 2003-08-05 16:14 Diyab
2003-08-05 18:26 ` Stephen Smalley
2003-08-06 13:01 ` David Caplan
0 siblings, 2 replies; 3+ messages in thread
From: Diyab @ 2003-08-05 16:14 UTC (permalink / raw)
To: SELinux
Where are the type attributes defined? I'm trying to find out what
these attributes give permissions to but I can not find any reference to
where they are defined. I've tried grepping the policy for things like
sysadmfile but all I can find is the use of the attribute, not a definition.
Timothy,
--
I put instant coffee in a microwave and almost went back in time.
-- Steven Wright
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: attribute definitions
2003-08-05 16:14 attribute definitions Diyab
@ 2003-08-05 18:26 ` Stephen Smalley
2003-08-06 13:01 ` David Caplan
1 sibling, 0 replies; 3+ messages in thread
From: Stephen Smalley @ 2003-08-05 18:26 UTC (permalink / raw)
To: Diyab; +Cc: SELinux
On Tue, 2003-08-05 at 12:14, Diyab wrote:
> Where are the type attributes defined? I'm trying to find out what
> these attributes give permissions to but I can not find any reference to
> where they are defined. I've tried grepping the policy for things like
> sysadmfile but all I can find is the use of the attribute, not a definition.
The type attribute names are declared (by convention only) in
policy/attrib.te, with comments describing their intended purpose.
Originally, type attribute names were implicitly declared when they were
used in a type declaration, but explicit declarations were later added
and made mandatory to safeguard against errors in type declarations and
to provide a centralized place for reviewing the set of existing
attributes and their intended purpose.
--
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: attribute definitions
2003-08-05 16:14 attribute definitions Diyab
2003-08-05 18:26 ` Stephen Smalley
@ 2003-08-06 13:01 ` David Caplan
1 sibling, 0 replies; 3+ messages in thread
From: David Caplan @ 2003-08-06 13:01 UTC (permalink / raw)
To: Diyab; +Cc: SELinux
Diyab wrote:
> Where are the type attributes defined? I'm trying to find out what
> these attributes give permissions to but I can not find any reference
> to where they are defined. I've tried grepping the policy for things
> like sysadmfile but all I can find is the use of the attribute, not a
> definition.
>
> Timothy,
>
You can use our analysis tool, apol, to determine the set of types that
use an attribute or which attributes are assigned to a specific type.
You can also do regular expression searches on either types or
attributes and display the appropriate groupings. The tool is included
in the SE Linux distribution and available from our web site,
http://www.tresys.com/selinux.
David
David Caplan
dac@tresys.com
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2003-08-06 13:01 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-08-05 16:14 attribute definitions Diyab
2003-08-05 18:26 ` Stephen Smalley
2003-08-06 13:01 ` David Caplan
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.