Chapter 15
- Many Linux distributions add services and tools that fit the distribution's purpose and principles, but which might contradict what the reference policy is about. For instance, Red Hat Enterprise Linux and its derived Linux distributions will enable unconfined domains for many applications, whereas the reference policy will strive toward confinement of all applications.
  As a result, many Linux distributions base their policy on the reference policy, but augment and adjust it for their specific purpose.
- The three main policy files are the following:
  - A type enforcement file, with the suffix .te, which contains the rules for the SELinux policy module, focusing on its owned domains.
  - An interface file, with the suffix .if, which exposes the interaction patterns and privileges vis-à-vis the domains and resources owned by this SELinux policy module. These interfaces are then used by other SELinux policy modules.
  - A context file, with the suffix .fc ...
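
A minimal module laid out as the three files named above, as an added example that is not taken from the book or from the reference policy itself. The module name myapp, its types and its paths are hypothetical; the macros and permission sets are the ones the reference policy ships.

```selinux
# ---- myapp.te: type enforcement, rules for the domains this module owns ----
policy_module(myapp, 1.0.0)

type myapp_t;
type myapp_exec_t;
init_daemon_domain(myapp_t, myapp_exec_t)

type myapp_log_t;
logging_log_file(myapp_log_t)

# The daemon may only create and append to its own log file in /var/log.
allow myapp_t myapp_log_t:file { create_file_perms append_file_perms };
logging_log_filetrans(myapp_t, myapp_log_t, file)

# ---- myapp.if: interfaces other modules call to interact with myapp ----
## <summary>Hypothetical example daemon.</summary>

########################################
## <summary>
##	Read myapp log files.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`myapp_read_log',`
	gen_require(`
		type myapp_log_t;
	')

	logging_search_logs($1)
	allow $1 myapp_log_t:file read_file_perms;
')

# ---- myapp.fc: file contexts, path regex to label for the module's files ----
/usr/sbin/myapp		--	gen_context(system_u:object_r:myapp_exec_t,s0)
/var/log/myapp\.log.*	--	gen_context(system_u:object_r:myapp_log_t,s0)
```

Another module gains read access by calling myapp_read_log() with its own domain in its .te file, rather than referencing myapp_log_t directly.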