Your visual how-to guide for SELinux policy enforcementNov 13, 2013, 11:00 (0 Talkback[s])
(Other stories by Daniel J. Walsh)
We are celebrating the SELinux 10th year anversary this year. Hard to believe it. SELinux was first introduced in Fedora Core 3 and later in Red Hat Enterprise Linux 4. For those who have never used SELinux, or would like an explanation...
SElinux is a labeling system. Every process has a label. Every file/directory object in the OS has a label. Even network ports, devices, and potentially hostnames have labels assigned to them. We write rules to control the access of a process label to an a object label like a file. We call this policy. The kernel enforces the rules. Sometimes this enforcement is called Mandatory Access Control (MAC).
0 Talkback[s] (click to add your comment)