Next: Extensions for Installing Up: A Security Policy Configuration Previous: Network Contexts   Contents


File Contexts

This section describes the separate configuration used to set file security contexts. This configuration is contained in the file_contexts file. It specifies file security contexts based on pathname regular expressions. The setfiles program reads this configuration and labels files accordingly.

Since the file system layout varies considerably among different Linux distributions and even among different versions of a single Linux distribution, this configuration should be reviewed and customized before the initial relabeling of the file system. For example, the locations of syslogd and klogd differ between RedHat 6.0 and RedHat 6.1. As mentioned in Section 3.3.1, the location of the policy sources (policy_src_t) should also be customized before the initial relabeling. Similarly, as mentioned in Section 3.3.3, the location for administrator and ordinary user home directories should be customized before the initial relabeling.

The types used in the configuration are described in Section 3.3. The system_u user identity and object_r role are used for all of the security contexts in this configuration, since they all represent system objects. If desired, a separate entry could be specified for each user home directory so that it is labeled with the user's identity. However, this is not necessary, since the user identity on the file is only used to determine the ability to relabel the file. Any files created subsequently by individual users will be created with the corresponding user identity.
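A pre-relabel review of the kind recommended above can be scripted; the following is an added example, not code from the original document or from setfiles. It assumes two-field entries (pathname regex, then context), whole-path matching, and that the last matching entry wins; Python's `re` stands in for the regex library setfiles uses. All paths and the types other than policy_src_t are constructed sample values.

```python
import re

# Constructed sample entries: pathname regex, then user:role:type context.
SAMPLE = """\
/.*                          system_u:object_r:file_t
/home(/.*)?                  system_u:object_r:user_home_t
/usr/sbin/syslogd            system_u:object_r:syslogd_exec_t
/etc/security/policy(/.*)?   system_u:object_r:policy_src_t
"""

def parse_specs(text):
    """Parse 'regex context' lines into (lineno, regex, compiled, context)."""
    specs = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        if len(fields) != 2 or fields[1].count(":") != 2:
            raise ValueError(f"line {lineno}: expected 'regex user:role:type'")
        regex, context = fields
        specs.append((lineno, regex, re.compile(regex), context))
    return specs

def review(specs, paths):
    """Return ({path: context or None}, [(lineno, regex) that matched no path])."""
    labels, matched = {}, set()
    for path in paths:
        hits = [s for s in specs if s[2].fullmatch(path)]  # whole-path match
        matched.update(s[0] for s in hits)
        # Assumption: the last matching entry decides the label.
        labels[path] = hits[-1][3] if hits else None
    stale = [(s[0], s[1]) for s in specs if s[0] not in matched]
    return labels, stale

if __name__ == "__main__":
    # Constructed listing of paths found on the system about to be relabeled.
    found = ["/sbin/syslogd", "/home/alice/.profile",
             "/etc/security/policy/users", "/etc/passwd"]
    labels, stale = review(parse_specs(SAMPLE), found)
    for path, ctx in labels.items():
        print(f"{path:32} {ctx}")
    for lineno, regex in stale:
        print(f"entry on line {lineno} matched nothing: {regex}")
```

An entry that matches nothing, such as the syslogd line here, indicates a path that differs on this system: the daemon would silently receive the catch-all label instead of its intended type unless the entry is corrected before relabeling.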

