Chapter 4. Process Domains and File-Level Access Controls
When we work on a SELinux-enabled system, gathering information about the contexts associated with files and processes is a necessary basic capability. We need to understand how these contexts are used in policies and what the applicable security rules and access controls are for a specific process.
In this chapter, we will:
- Work with file contexts and learn where they are stored
- Understand how contexts are assigned
- Learn and obtain information about how and when processes get into their current context
- Get a first taste of a SELinux policy and how to query it
We will end with another SELinux feature called constraints and learn how they are used to provide the user-based access control feature.