SELinux Cookbook

By: Sven Vermeulen

Introduction


SELinux is an access control mechanism that works alongside the regular access controls that Linux provides. Making sure that these access control systems work well together is important, as both have their merits and uses.

The regular discretionary access control (DAC) security services on Linux are already quite powerful and are extended with almost every Linux release. Namespaces, extended access controls, additional chroot restrictions, and other services are added to the Linux ecosystem to further support the hardening of Linux systems.

In this process of hardening systems, SELinux is just another layer of defense. Focusing all efforts on SELinux alone would be a major mistake, as SELinux has its downsides as well. By properly enabling the Linux DAC controls and tuning SELinux so that it works well together with these controls, a Linux system can be made much more resilient against vulnerabilities and attacks.