This repository will hold the implementation of the practical output of a diploma thesis: SELinux policies for new confined users. The security policies are licensed under Apache 2.0.
selinux-policy-devel package
- Install via:
$ sudo dnf install selinux-policy-devel
- Compile the .te file into a .pp file:
$ make -f /usr/share/selinux/devel/Makefile nameOfModule.pp
- Load the compiled file into the kernel:
$ semodule -i nameOfModule.pp
I will show the mapping for the basic user specifically; the procedure is the same for the other new users.
- Create a file for the new user in /etc/selinux/targeted/contexts/users. The easiest way is to copy an existing user's file and change the user name in it:
$ sed -e 's|user|basic|g' user_u > basic_u
- Then create a new SELinux user based on the new type and role:
$ sudo semanage user -a basic_u -R "basic_r"
- Then link the Linux user to the SELinux user:
$ sudo semanage login -a -s basic_u yourLinuxUser
- The last step is to change the labels in the home directory of yourLinuxUser, because it received the default security context:
$ sudo restorecon -RvF /home/yourLinuxUser
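
To confirm that the steps above took effect, the following added script (an example written for this README, not part of the repository's policy code) checks that a login maps to basic_u and that basic_u is authorised for basic_r. The function names are hypothetical, the sample listings are constructed, and the parsing assumes the column layout that `semanage login -l` and `semanage user -l` print.

```shell
#!/bin/sh
# Added example: verify the login -> SELinux user -> role mapping.
# Both parsers read a semanage listing on stdin, so they accept live output
# or the constructed samples below.

# Print the SELinux user for login $1 from `semanage login -l` output.
# A login without its own row falls back to the __default__ mapping.
seuser_for_login() {
    awk -v login="$1" '
        $1 == login         { found = $2 }
        $1 == "__default__" { dflt = $2 }
        END { print (found != "" ? found : dflt) }'
}

# Succeed if SELinux user $1 lists role $2 in `semanage user -l` output.
# Every field after the name is compared, so MLS columns may be present or not.
seuser_has_role() {
    awk -v u="$1" -v r="$2" '
        $1 == u { for (i = 2; i <= NF; i++) if ($i == r) ok = 1 }
        END { exit(ok ? 0 : 1) }'
}

# check_mapping LOGIN SEUSER ROLE LOGIN_LISTING USER_LISTING
check_mapping() {
    got=$(printf '%s\n' "$4" | seuser_for_login "$1")
    [ "$got" = "$2" ] || { echo "FAIL: $1 maps to ${got:-nothing}, expected $2"; return 1; }
    printf '%s\n' "$5" | seuser_has_role "$2" "$3" ||
        { echo "FAIL: $2 is not authorised for $3"; return 1; }
    echo "OK: $1 -> $2 ($3)"
}

# Constructed sample listings (not captured from a real system).
SAMPLE_LOGINS='Login Name           SELinux User         MLS/MCS Range        Service

__default__          unconfined_u         s0-s0:c0.c1023       *
root                 unconfined_u         s0-s0:c0.c1023       *
yourLinuxUser        basic_u              s0                   *'
SAMPLE_USERS='SELinux User    Prefix     MCS Level  MCS Range       SELinux Roles

basic_u         user       s0         s0              basic_r
unconfined_u    user       s0         s0-s0:c0.c1023  system_r unconfined_r'

check_mapping yourLinuxUser basic_u basic_r "$SAMPLE_LOGINS" "$SAMPLE_USERS"
# On a live system, as root:
#   check_mapping yourLinuxUser basic_u basic_r "$(semanage login -l)" "$(semanage user -l)"
```

After yourLinuxUser logs in again, `id -Z` run in that session should print a context beginning with basic_u:basic_r.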