Chapter 23. Protecting Against Intruders with Security-Enhanced Linux


On a system without Security-Enhanced Linux (SELinux) enabled, discretionary access control (DAC) is used for file security. Basic file permissions as discussed in Chapter 4, “Understanding Linux Concepts,” and optionally access control lists as described in Chapter 7, “Managing Storage,” are used to grant file access to users. Users and programs alike are allowed to grant insecure file permissions to others. For users, there is no way for an administrator to prevent a user from granting world-readable and world-writable ...

Get Red Hat now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.