Creating new application domains
By default, Linux distributions come with many prepackaged application domains. However, we will most likely come across situations where we need to build our own application policy.
We might build such a policy to allow a particular application to run without SELinux protections (by marking the domain as a permissive domain), or to confine it with more controls than are currently in place.
Unlike users and roles, application domains usually come with file context-related information.
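As an added illustration of these points (not code from the original text), here is a small policy module for a hypothetical daemon named myapp whose domain is marked permissive and which carries its own file contexts. The name myapp, its paths and the permissions chosen are assumptions; the two parts go in separate files, myapp.te and myapp.fc, and the directories are assumed to be created by the package.

```selinux
# ---- myapp.te (hypothetical module, not from the original text) ----
policy_module(myapp, 1.0.0)

# Domain for the running process and the type of its executable
type myapp_t;
type myapp_exec_t;
init_daemon_domain(myapp_t, myapp_exec_t)

# Permissive domain: denials for myapp_t are logged but not enforced.
# Remove this line once the logged denials have been reviewed and resolved.
permissive myapp_t;

# Private types for the application's state and log files
type myapp_var_lib_t;
files_type(myapp_var_lib_t)

type myapp_log_t;
logging_log_file(myapp_log_t)

# Full management of the application's own state under /var/lib/myapp
files_search_var_lib(myapp_t)
manage_dirs_pattern(myapp_t, myapp_var_lib_t, myapp_var_lib_t)
manage_files_pattern(myapp_t, myapp_var_lib_t, myapp_var_lib_t)

# Logs under /var/log/myapp: create and append only, so the domain
# cannot rewrite or delete existing log content
logging_search_logs(myapp_t)
create_files_pattern(myapp_t, myapp_log_t, myapp_log_t)
append_files_pattern(myapp_t, myapp_log_t, myapp_log_t)

# Common needs of a daemon: read /etc, locale data, and log to syslog
files_read_etc_files(myapp_t)
miscfiles_read_localization(myapp_t)
logging_send_syslog_msg(myapp_t)

# ---- myapp.fc (file contexts shipped with the module) ----
/usr/sbin/myapp        --  gen_context(system_u:object_r:myapp_exec_t,s0)
/var/lib/myapp(/.*)?       gen_context(system_u:object_r:myapp_var_lib_t,s0)
/var/log/myapp(/.*)?       gen_context(system_u:object_r:myapp_log_t,s0)
```

After the module is loaded, the paths listed in myapp.fc still need to be relabeled (for example with restorecon) before the new file contexts apply to existing files.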
An example application domain
The following SELinux policy is for mojomojo, an open source, Catalyst-based wiki. The policy code is fairly lightweight because mojomojo is a web application: it calls a template from the web server module (apache_content_template) that already provides most of the rules:
    policy_module(mojomojo, 1.1.0)

    # Create all types based on the apache content template
    apache_content_template(mojomojo)

    # Needed by the mojomojo application
    allow httpd_mojomojo_script_t httpd_t...