Understanding the service
The first aspect of designing server policies is to understand the service at hand. Each service has its own internal architecture, and understanding how the various processes and resources interact with each other is extremely important.
Only when the internal architecture is fully understood will we be able to create a properly functioning policy. Otherwise, we risk a policy that is too broad (granting too many access rights) or too restrictive. Unlike applications, which are usually easy to test from an end-user point of view, services often have activities that are much harder to test (or even to consider).
How to do it…
Just as with desktop applications, understanding the application's behavior is key to creating good SELinux policies. The behavior can be researched and analyzed by performing the following steps:
1. Research the service at large by looking for online architecture drawings or architecture documentation.
2. Try to explore the service in...