对于任意对象类型,例如user_tmp_t,我想知道允许哪些进程访问此标记.如何查找引用user_tmp_t的所有允许规则?
解决方法
您无法直接找到可以转换为给定类型的进程,但您可以间接地进行此类操作.
是时候熟悉搜索工具了.此工具允许您以各种方式查询SELinux策略.
在这里,我们将看到哪些类型可以转换为user_tmp_t类型.其中包括您感兴趣的流程的类型.正如您所看到的,这也为您提供了一些关于流程允许执行的提示.
# sesearch -T -t user_tmp_t Found 44 semantic te rules: type_transition staff_sudo_t user_tmp_t : process staff_t; type_transition auditadm_sudo_t user_tmp_t : process auditadm_t; type_transition thumb_t user_tmp_t : file thumb_tmp_t; type_transition thumb_t user_tmp_t : dir thumb_tmp_t; type_transition thumb_t user_tmp_t : sock_file thumb_tmp_t; type_transition mozilla_plugin_t user_tmp_t : file mozilla_plugin_tmp_t; type_transition telepathy_msn_t user_tmp_t : file telepathy_msn_tmp_t; type_transition mozilla_plugin_t user_tmp_t : dir mozilla_plugin_tmp_t; type_transition telepathy_msn_t user_tmp_t : dir telepathy_msn_tmp_t; type_transition mozilla_plugin_t user_tmp_t : sock_file mozilla_plugin_tmp_t; type_transition telepathy_msn_t user_tmp_t : sock_file telepathy_msn_tmp_t; type_transition mozilla_plugin_t user_tmp_t : fifo_file mozilla_plugin_tmp_t; type_transition alsa_t user_tmp_t : file alsa_tmp_t; type_transition staff_gkeyringd_t user_tmp_t : dir gkeyringd_tmp_t; type_transition user_gkeyringd_t user_tmp_t : dir gkeyringd_tmp_t; type_transition alsa_t user_tmp_t : dir alsa_tmp_t; type_transition staff_gkeyringd_t user_tmp_t : sock_file gkeyringd_tmp_t; type_transition user_gkeyringd_t user_tmp_t : sock_file gkeyringd_tmp_t; type_transition dbadm_sudo_t user_tmp_t : process dbadm_t; type_transition secadm_sudo_t user_tmp_t : process secadm_t; type_transition gpg_pinentry_t user_tmp_t : sock_file gpg_pinentry_tmp_t; type_transition mozilla_plugin_config_t user_tmp_t : file mozilla_plugin_tmp_t; type_transition mozilla_plugin_config_t user_tmp_t : dir mozilla_plugin_tmp_t; type_transition sysadm_sudo_t user_tmp_t : process sysadm_t; type_transition virt_qemu_ga_unconfined_t user_tmp_t : file svirt_tmp_t; type_transition svirt_t user_tmp_t : file svirt_tmp_t; type_transition virt_qemu_ga_unconfined_t user_tmp_t : dir svirt_tmp_t; type_transition secadm_gkeyringd_t user_tmp_t : dir gkeyringd_tmp_t; type_transition httpd_t user_tmp_t : dir httpd_tmp_t; type_transition svirt_t user_tmp_t : dir svirt_tmp_t; type_transition virt_qemu_ga_unconfined_t user_tmp_t : lnk_file svirt_tmp_t; type_transition svirt_t user_tmp_t : lnk_file svirt_tmp_t; type_transition secadm_gkeyringd_t user_tmp_t : sock_file gkeyringd_tmp_t; type_transition svirt_tcg_t user_tmp_t : file svirt_tmp_t; type_transition svirt_tcg_t user_tmp_t : dir svirt_tmp_t; type_transition auditadm_gkeyringd_t user_tmp_t : dir gkeyringd_tmp_t; type_transition xguest_gkeyringd_t user_tmp_t : dir gkeyringd_tmp_t; type_transition svirt_tcg_t user_tmp_t : lnk_file svirt_tmp_t; type_transition auditadm_gkeyringd_t user_tmp_t : sock_file gkeyringd_tmp_t; type_transition xguest_gkeyringd_t user_tmp_t : sock_file gkeyringd_tmp_t; type_transition chrome_sandBox_t user_tmp_t : file chrome_sandBox_tmp_t; type_transition chrome_sandBox_t user_tmp_t : dir chrome_sandBox_tmp_t; type_transition gconfd_t user_tmp_t : file gconf_tmp_t; type_transition gconfd_t user_tmp_t : dir gconf_tmp_t; Found 298 named file transition filename_trans: ----(omitted)----
