Chapter 14. Working with SELinux
In this chapter, we will cover the following topics:
- Installing and configuring important SELinux tools
- Working with SELinux security contexts
- Working with policies
- Troubleshooting SELinux
Introduction
This chapter is a collection of recipes that strive to demystify Security-Enhanced Linux (SELinux), a mature technology for hardening your Linux system using additional security features added to the basic security system. It has been around for many years in the CentOS world but nevertheless is a somewhat little-known and confusing topic for a lot of system administrators.
Installing and configuring important SELinux tools
The most significant security feature of any Linux system is providing access control—often called
Discretionary Access Control (DAC)—which allows the owner of an object (such as a file) to set security attributes for it (for example, deciding who can read or write to a file using the chown
and chmod
commands). While...