IN THIS CHAPTER
Learning about SELinux benefits
Learning how SELinux works
Setting up SELinux
Fixing problems with SELinux
Getting additional information on SELinux
Security Enhanced Linux (SELinux) was developed by the National Security Agency (NSA) along with other security research organizations, such as Secure Computing Corporation (SCC). SELinux was released to the open source community in 2000 and became popular when Red Hat included SELinux in its Linux distributions. Now, SELinux is used by many organizations and is widely available.
SELinux is a security enhancement module deployed on top of Linux. It provides additional security measures, is included by default, and is set to be in Enforcing mode in RHEL and Fedora.
SELinux provides improved security on the Linux system via Role Based Access Controls (RBAC) on subjects and objects (aka processes and resources). “Traditional” Linux security uses Discretionary Access Controls (DAC).
SELinux is not a replacement for DAC. Instead, it is an additional security layer.
If a user tries to execute a file that he does not have execute access to (rw-), the “traditional” ...