Chapter 7: Configuring Application-Specific SELinux Controls
Several Linux services and applications enable additional SELinux controls besides the kernel-enforced SELinux policy. They allow the administrator to further manipulate and enforce policy rules through the application itself—isolating users, reducing data leakage risks, and mitigating the impact of malicious behavior.
In this chapter, we will look at several SELinux-aware applications, such as systemd services and how they allow administrators to set up and specify target domains and resource labels. We'll also cover the D-Bus service, which allows SELinux policies to control the service binding and message communication within D-Bus itself. Next, we'll jump to PAM-enabled services ...
Get SELinux System Administration - Third Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.