Learning RHEL Networking

By: Andrew Mallett, Adam Miller
What is SELinux


SELinux is a MAC (Mandatory Access Control) system that works alongside the existing DAC (Discretionary Access Control) mechanisms we are already familiar with, such as file permission lists.

Tip

SELinux can only restrict permissions; it cannot add permissions. If the DAC does not allow access, SELinux cannot allow it.

SELinux works with labeled objects: access is granted based on these labels and controlled via policies. All objects, such as users, processes, and files, have labels. The label that you have or (more often) the label of the process that you run must match the label supplied to the resource that you need to access. In simple terms, think of this like bathrooms; humans with the label MEN have access to the bathroom labeled MEN. In Linux terms, the Apache web server process is labeled as httpd_t and can access files with the httpd_sys_content_t label. In this way, your system is protected against a rogue or pwned (compromised) web server, as the scope of files that it has access to is limited...
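The following added example (not from the book) models the two-layer decision described above: a read succeeds only when the DAC permission bits allow it and a policy rule permits the process type to read the file type. The `ALLOW` table, the sample paths, IDs and modes are constructed for illustration and are not the real RHEL targeted policy; root's ability to override DAC is not modeled.

```python
import stat
from collections import namedtuple

# Constructed, simplified stand-in for type-enforcement rules (not the real
# RHEL targeted policy): (process type, file type) -> permitted operations.
ALLOW = {("httpd_t", "httpd_sys_content_t"): {"read", "getattr", "open"}}

Process = namedtuple("Process", "uid gids context")
File = namedtuple("File", "path uid gid mode context")

def se_type(context):
    """Return the type field of a user:role:type[:level] context."""
    fields = context.split(":")
    if len(fields) < 3:
        raise ValueError(f"malformed SELinux context: {context!r}")
    return fields[2]

def dac_allows_read(proc, f):
    """Owner/group/other check; the first matching class decides."""
    if proc.uid == f.uid:
        return bool(f.mode & stat.S_IRUSR)
    if f.gid in proc.gids:
        return bool(f.mode & stat.S_IRGRP)
    return bool(f.mode & stat.S_IROTH)

def mac_allows_read(proc, f):
    """Type enforcement: denied unless a rule for this type pair grants read."""
    key = (se_type(proc.context), se_type(f.context))
    return "read" in ALLOW.get(key, set())

def can_read(proc, f):
    """Both layers must agree, so SELinux can only narrow what DAC permits."""
    if not dac_allows_read(proc, f):
        return "denied by DAC"
    if not mac_allows_read(proc, f):
        return "denied by SELinux"
    return "allowed"

# Constructed sample objects (paths, ids and modes are illustrative).
HTTPD = Process(48, {48}, "system_u:system_r:httpd_t:s0")
INDEX = File("/var/www/html/index.html", 0, 0, 0o644,
             "unconfined_u:object_r:httpd_sys_content_t:s0")
NOTES = File("/home/alice/notes.txt", 1000, 1000, 0o644,
             "unconfined_u:object_r:user_home_t:s0")
LOCKED = File("/var/www/html/locked.html", 0, 0, 0o600,
              "unconfined_u:object_r:httpd_sys_content_t:s0")

if __name__ == "__main__":
    for f in (INDEX, NOTES, LOCKED):
        print(f.path, "->", can_read(HTTPD, f))
```

The world-readable file labeled `user_home_t` is refused by the SELinux layer even though DAC permits it, while the correctly labeled `0600` file is refused by DAC and no label can grant it back.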