SELinux Cookbook

By: Sven Vermeulen

Creating a stream-connect interface


Whether a command runs through a specific executable type or through the generic `bin_t` label, an execution that remains in the caller domain might still require additional privileges to be assigned to that caller domain. These additional privileges could include reading configuration files or interacting with the main domain through Unix domain sockets or TCP/UDP sockets.

In this recipe, we'll set up a stream-connect interface (as the other privilege enhancements are already covered through the regular resource-access interfaces or network-access interfaces).

How to do it…

Interaction with an application socket can be done either through a socket file or through a named Unix domain socket. This is application-specific, so consulting the application documentation might be necessary up front.

For a Unix domain socket with a socket file

If the stream connection is through a Unix domain socket with a socket file, the interaction with an application socket can be done by completing...