Book Image

SELinux System Administration. - Second Edition

Book Image

SELinux System Administration. - Second Edition

Overview of this book

Do you have the crucial job of protecting your private and company systems from malicious attacks and undefined application behavior? Are you looking to secure your Linux systems with improved access controls? Look no further, intrepid administrator! This book will show you how to enhance your system’s secure state across Linux distributions, helping you keep application vulnerabilities at bay. This book covers the core SELinux concepts and shows you how to leverage SELinux to improve the protection measures of a Linux system. You will learn the SELinux fundamentals and all of SELinux’s configuration handles including conditional policies, constraints, policy types, and audit capabilities. These topics are paired with genuine examples of situations and issues you may come across as an administrator. In addition, you will learn how to further harden the virtualization offering of both libvirt (sVirt) and Docker through SELinux. By the end of the book you will know how SELinux works and how you can tune it to meet your needs.
Table of Contents (16 chapters)
SELinux System Administration - Second Edition
About the Author
About the Reviewers

Chapter 4. Process Domains and File-Level Access Controls

When we work on a SELinux-enabled system, gathering information about the contexts associated with files and processes is a necessary basic capability. We need to understand how these contexts are used in policies and what the applicable security rules and access controls are for a specific process.

In this chapter, we will:

  • Work with file contexts and learn where they are stored

  • Understand how contexts are assigned

  • Learn and obtain information about how and when processes get into their current context

  • Get a first taste of a SELinux policy and how to query it

We will end with another SELinux feature called constraints and learn how they are used to provide the user-based access control feature.