%20%E6%96%87%E4%BB%B6%E4%B8%AD%E7%9A%84%E2%80%9C%E8%AE%B8%E5%8F%AF%E2%80%9D%E5%A3%B0%E6%98%8E%E6%98%AF%E4%BB%80%E4%B9%88%E6%84%8F%E6%80%9D%EF%BC%9F.png)
我正在定义一个新类型mynewtype_t。有一行是用permissive关键字自动生成的。
$ sepolicy generate --init /bin/sh
Failed to retrieve rpm info for selinux-policy
Created the following files:
/tmp/policy/bash.te # Type Enforcement file
/tmp/policy/bash.if # Interface file
/tmp/policy/bash.fc # File Contexts file
/tmp/policy/bash_selinux.spec # Spec file
/tmp/policy/bash.sh # Setup Script
bash.te的内容:
policy_module(bash, 1.0.0)
########################################
#
# Declarations
#
type bash_t;
type bash_exec_t;
init_daemon_domain(bash_t, bash_exec_t)
permissive bash_t;
########################################
#
# bash local policy
#
allow bash_t self:capability { chown setgid setuid };
allow bash_t self:process { fork setpgid setrlimit signal_perms };
allow bash_t self:fifo_file rw_fifo_file_perms;
allow bash_t self:unix_stream_socket create_stream_socket_perms;
domain_use_interactive_fds(bash_t)
files_read_etc_files(bash_t)
auth_use_nsswitch(bash_t)
miscfiles_read_localization(bash_t)
sysnet_dns_name_resolve(bash_t)
在行中:
permissive bash_t;
关键字代表什么permissive?
答案1
permissive陈述允许类型bash_t在宽容模式下运行(而不是在宽容模式下运行整个系统)。宽容模式设置为semanage。