Eigenes Programm

• cat ~/mydaemon.c

#include <unistd.h>
#include <stdio.h>

FILE *f;

int main(void)
{
while(1) {
f = fopen("/var/log/messages","w");
        sleep(5);
        fclose(f);
    }
}

Kompilieren

• gcc -o mydaemon mydaemon.c

Kopieren

• cp mydaemon /usr/local/sbin

System Dienst

• cat /etc/systemd/system/mydaemon.service

vi mydaemon.service
[Unit]
Description=Simple testing daemon

[Service]
Type=simple
ExecStart=/usr/local/bin/mydaemon

[Install]
WantedBy=multi-user.target

Systemctl status

• systemctl start mydaemon
• systemctl status mydaemon

Check that the new daemon is not confined by SELinux

• ps -efZ | grep mydaemon

system_u:system_r:unconfined_service_t:s0 root 5812    1  0 15:41 ?        00:00:00 /usr/local/bin/mydaemon

Generieren Sie eine benutzerdefinierte Richtlinie für den Daemon

• sepolicy generate --init /usr/local/bin/mydaemon

Created the following files:
/etc/systemd/system/mydaemon.te # Type Enforcement file
/etc/systemd/system/mydaemon.if # Interface file
/etc/systemd/system/mydaemon.fc # File Contexts file
/etc/systemd/system/mydaemon_selinux.spec # Spec file
/etc/systemd/system/mydaemon.sh # Setup Script

Links

• https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/writing-a-custom-selinux-policy_using-selinux