Chapter 23. Protecting Against Intruders with Security-Enhanced Linux
IN THIS CHAPTER
- Selecting an SELinux Mode
- Selecting and Customizing the SELinux Policy
- Utilizing the SELinux Troubleshooting Tool
- Working with Security Contexts
On a system without Security-Enhanced Linux (SELinux) enabled, discretionary access control (DAC) is used for file security. Basic file permissions as discussed in Chapter 4, “Understanding Linux Concepts,” and optionally access control lists as described in Chapter 7, “Managing Storage,” are used to grant file access to users. Users and programs alike are allowed to grant insecure file permissions to others. For users, there is no way for an administrator to prevent a user from granting world-readable and world-writable ...