In this chapter
SELinux provides a constraint mechanism to further restrict the access allowed by the policy regardless of the policy
allow rules. In this chapter, we explore the constraint feature in SELinux.
To understand the purpose of constraints, let’s revisit the SELinux Linux Security Module (LSM). Recall the SELinux kernel architecture discussed in Chapter 3, “Architecture,” the salient portion of which is depicted again in Figure 7-1.
We want to take a closer look at how the access ...