Defining file contexts through patterns
SELinux policy modules can contain file context definitions through their .fc files. In these files, path expressions are used to point to the various locations that should match a particular file context, and class identifiers are used to differentiate file context definitions based on the file class (directories, regular files, symbolic links, and more).
In this recipe, we'll create a mylogging SELinux module, which defines additional path specifications for logging-related contexts. We will use direct file paths as well as regular expressions, and take a look at the various class identifiers.
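As an added example (not code from the book), a small Python parser for the .fc syntax described above: it reads entries with and without class identifiers and resolves which context a path of a given file class would receive. The sample entries, the /service/log tree and the use of the var_log_t and var_run_t types are constructed for illustration, and the last-match-wins precedence is an assumption that simplifies libselinux's real matching rules.

```python
import re
from typing import Optional

# .fc class identifiers and the file class each selects; no identifier = any class.
CLASS_IDS = {"--": "file", "-d": "dir", "-l": "lnk_file", "-c": "chr_file",
             "-b": "blk_file", "-s": "sock_file", "-p": "fifo_file"}

def parse_fc(text: str) -> list:
    """Parse .fc lines of the form PATH_REGEX [CLASS_ID] CONTEXT into
    (compiled_regex, file_class_or_None, context) tuples; '#' starts a comment."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # assumes no '#' inside patterns
        if not line:
            continue
        parts = line.split()
        if len(parts) == 3:
            path, cls, ctx = parts
            if cls not in CLASS_IDS:
                raise ValueError(f"unknown class identifier {cls!r}: {raw}")
            file_class = CLASS_IDS[cls]
        elif len(parts) == 2:
            (path, ctx), file_class = parts, None
        else:
            raise ValueError(f"malformed .fc line: {raw}")
        # gen_context(CONTEXT,MLS) is expanded at policy build time; keep the
        # context part. The literal <<none>> is passed through unchanged.
        m = re.fullmatch(r"gen_context\(([^,]+),[^)]+\)", ctx)
        entries.append((re.compile(path), file_class, m.group(1) if m else ctx))
    return entries

def lookup(entries, path: str, file_class: str = "file") -> Optional[str]:
    """Context the entries assign to path for that class, or None if unmatched.
    Assumption: the last matching entry wins, the convention behind ordering
    .fc files from general to specific; libselinux's real precedence is richer."""
    result = None
    for pattern, cls, ctx in entries:
        if cls in (None, file_class) and pattern.fullmatch(path):
            result = ctx
    return result

# Constructed sample for the mylogging module; var_log_t and var_run_t are
# reference-policy types used here only for illustration.
MYLOGGING_FC = r"""
/service/log(/.*)?          gen_context(system_u:object_r:var_log_t,s0)
/service/log/.*\.pid   --   gen_context(system_u:object_r:var_run_t,s0)   # regular files only
/service/log/logsock   -s   gen_context(system_u:object_r:var_log_t,s0)   # socket file
/service/log/archive.* -l   <<none>>   # symlinks: left unlabelled by restorecon
"""
```

Because the pid entry carries the `--` identifier, a directory named `/service/log/x.pid` still falls back to the general tree entry, which is exactly the distinction class identifiers exist to make.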
How to do it…
To define a file context through an SELinux policy module, use the following approach:
- With matchpathcon, we can check which context the SELinux tools would reset the resource to:
  ~# matchpathcon /service/log
  /service/log system_u:object_r:default_t
- Create the mylogging.te file in which we mention the types that are going to...