- Lab
-
Libraries: If you want this lab, consider one of these libraries.
- Cloud
Writing a Custom SELinux Policy
SELinux has a number of tools to alter policy without real knowledge of writing policy itself, but when we create our own custom daemons and processes, SELinux won't have default settings readily available for us to use. Instead, we'll have to use a combination of tools and troubleshooting to develop a custom policy so that your custom work can work. In this lab, we'll use `sepolicy`, `ausearch`, and `audit2allow` to create a policy, implement it, and then refine the policy through troubleshooting.
Lab Info
Table of Contents
-
Challenge
Generate Policy
Create a base policy for the
apacheloggerdaemon. -
Challenge
Troubleshoot Policy
Apply the generated policy, then review SELinux logs to see if any parts of the daemon are blocked by the new policy. Rewrite the policy to allow the appropriate access.
-
Challenge
Reapply Policy
Reapply the adjusted policy and ensure there are no errors.
Real skill practice before real-world application
Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
Learn by doing
Engage hands-on with the tools and technologies you’re learning. You pick the skill, we provide the credentials and environment.
Follow your guide
All labs have detailed instructions and objectives, guiding you through the learning process and ensuring you understand every step.
Turn time into mastery
On average, you retain 75% more of your learning if you take time to practice. Hands-on labs set you up for success to make those skills stick.