Lab
A Cloud Guru

Writing a Custom SELinux Policy

SELinux has a number of tools to alter policy without real knowledge of writing policy itself, but when we create our own custom daemons and processes, SELinux won't have default settings readily available for us to use. Instead, we'll have to use a combination of tools and troubleshooting to develop a custom policy so that your custom work can work. In this lab, we'll use `sepolicy`, `ausearch`, and `audit2allow` to create a policy, implement it, and then refine the policy through troubleshooting.

Try for free Contact sales

Path Info

Level

Intermediate

Duration

30m

Published

Jun 23, 2023

Challenge

Generate Policy

Create a base policy for the apachelogger daemon.
Challenge

Troubleshoot Policy

Apply the generated policy, then review SELinux logs to see if any parts of the daemon are blocked by the new policy. Rewrite the policy to allow the appropriate access.
Challenge

Reapply Policy

Reapply the adjusted policy and ensure there are no errors.

Author

A Cloud Guru

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.