SELinux: How do you create a custom label for files?

Question

According to this link, how to create a custom SELinux label, they show that you can use sepolgen on /path/to/binary.

But what if I'm not working on a binary? I want to make my directory to become a test_type_t type, which means I will have to create a test_type_t and then use chcon or semanage to change the type of that directory.

How do I create the test_type_t so that I can change the type of my directory?

score 2 · Answer 1 · answered Dec 11 '16 at 22:10

You'll have to create your own custom policy for that in a directory create a mylocalpolicy.te with the following content:

policy_module(mylocalpolicy, 0.0.1)

type test_type_t;
files_type(test_type_t)

Then you can run in the same directory: make -f /usr/share/selinux/devel/Makefile. This will generate a .pp file that you can load with semodule -i mylocalpolicy.pp

Please not that nothing will be able to interact (read/write/delete/…) with files with this label.

SELinux: How do you create a custom label for files?

1 Answers1