Introduction
Up until now, we've modified and enhanced existing policies and interacted with the SELinux subsystem through the available administrative commands. But, in order to truly benefit from the protection measures that SELinux provides, we need to create our own policies for applications that would otherwise run with either too many privileges, or not run at all.
Desktop applications are a good example. The end user domains (unconfined_t
for policies which support unconfined domains, and user_t
, staff_t
, and the like for the other policies) have many privileges assigned to them to allow generic applications to be executed while remaining in the user domain.
This has a huge downside: vulnerabilities within desktop applications or malfunctioning applications can create havoc with the users' files and resources, potentially exposing information to malicious users. If all end user applications run within the same domain, then we cannot talk about a least privilege environment...