Change rules

  • not used by the kernel, but can be obtained and used by security-aware applications through the security_change_sid system call

  • specifies the new type to use for a relabelling operation, based on the domain of the user process, the current type and the class of the object

    type_change user_t tty_device_t:chr_file user_tty_device_t;
    type_change sysadm_t tty_device_t:chr_file sysadm_tty_device_t;
    type_change user_t sshd_devpts_t:chr_file user_devpts_t;
    type_change sysadm_t sshd_devpts_t:chr_file sysadm_devpts_t;
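
The lookup these rules define, modelled in Python as an added example (not code from the original slides or from SELinux itself): it parses type_change statements, including one constructed rule that uses the brace-set syntax, and returns the type a relabelling program would apply. The helper names, the conflict check and the keep-the-current-type result when no rule matches are assumptions of this example.

```python
import re

# Rules from the slide, plus one constructed rule using the brace-set syntax.
POLICY = """
type_change user_t tty_device_t:chr_file user_tty_device_t;
type_change sysadm_t tty_device_t:chr_file sysadm_tty_device_t;
type_change user_t sshd_devpts_t:chr_file user_devpts_t;
type_change sysadm_t sshd_devpts_t:chr_file sysadm_devpts_t;
type_change { staff_t guest_t } tty_device_t:chr_file user_tty_device_t;  # constructed
"""

ITEM = r"(\{[^}]*\}|\S+)"  # a single name or a { brace set } of names
RULE = re.compile(rf"type_change\s+{ITEM}\s+{ITEM}\s*:\s*{ITEM}\s+(\w+)\s*;")


def expand(item):
    """Turn 'a' or '{ a b }' into a list of names."""
    return item.strip("{} ").split()


def load_rules(text):
    """Build a (domain, current type, class) -> new type table."""
    text = re.sub(r"#.*", "", text)  # drop comments
    table = {}
    for src, tgt, cls, new in RULE.findall(text):
        for key in ((s, t, c) for s in expand(src)
                    for t in expand(tgt) for c in expand(cls)):
            # Two rules giving different answers for one key are ambiguous.
            if table.setdefault(key, new) != new:
                raise ValueError(f"conflicting type_change for {key}")
    return table


def relabel_type(table, domain, current_type, obj_class):
    """Type a security-aware application should relabel the object to.
    With no matching rule this model keeps the current type (assumption)."""
    return table.get((domain, current_type, obj_class), current_type)


if __name__ == "__main__":
    rules = load_rules(POLICY)
    for dom in ("user_t", "sysadm_t", "staff_t", "httpd_t"):
        print(dom, "->", relabel_type(rules, dom, "tty_device_t", "chr_file"))
```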