Working with the targeted policy type
The default policy type is targeted. As such, most SELinux deployments will work with this policy type. In the case of the targeted policy type, the primary attribute from the label used for enforcement is type
. For this reason, the targeted policy type is often known as TE or type
enforcement. The following image highlights the importance of the type attribute of a label in the targeted policy type:
Using the seinfo
command, which is part of the setools-console
package, we can display specific information about the current SELinux environment. Let's take a look at the available types that we can work with. To list all types, we will use the following command:
# seinfo -t
Wow, there are a lot. If we count them, we have around 4500 on RHEL 7; on RHEL 6, there were 3500. These two figures are just a simple illustration of how much the SELinux product is growing and its continued uptake, but Linux software developers.
We can also see how to import the type...