Researching the application's logical design
Before embarking on a policy development spree, we need to look at the application's behavior and logical design. We will get to know the application and its interactions as we begin to model this into the SELinux policy.
How to do it…
To prepare an SELinux policy for the application, let's first look at how the application behaves:
Look into the files and directories that the application will interact with and write down the privileges that the application needs. Try to structure access based on the functionalities of the application.
Figure out which network resources are required by the application, which ports does the application bind (listen) to (if any), and which ports does it need to connect to.
If the application needs to interact with other SELinux domains (processes), how does this interaction look (or what is it for)?
Does the application require specific hardware access or other kernel-provided resources?
How it works…
Gathering information...