This leaves only user domains unconfined, along with some domains that do not make sense to confine. If you disable the unconfined policy package, which I recommend. Seinfo -aunconfined_domain_type -x | tail -n +2 | wc -l If we want to look at the number of unconfined domains, we can use the unconfined_domain attribute. Note: I am removing the first line because it lists the attribute name. In SELinux, every process type has an attribute associated with it called "domain".Ī good estimate of the number of different confined processes is to count the number of types with the domain attribute. ![]() ![]() Well there is a cool tool called seinfo (setools package) that allows you query the installed policy for attributes and types, as well as other policy features. I often get asked how many processes are confined with SELinux.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |