You're reading from SELinux System Administration, Third Edition Implement mandatory access control to secure applications, users, and information flows on Linux

Product type Paperback

Published in Dec 2020

Publisher Packt

ISBN-13 9781800201477

Length 458 pages

Edition 3rd Edition

Tools

Docker

Concepts

System Administration

Author (1):

Sven Vermeulen

View More author details

Table of Contents (22) Chapters

Preface

1. Section 1: Using SELinux

2. Chapter 1: Fundamental SELinux Concepts FREE CHAPTER

3. Chapter 2: Understanding SELinux Decisions and Logging

4. Chapter 3: Managing User Logins

5. Chapter 4: Using File Contexts and Process Domains

6. Chapter 5: Controlling Network Communications

7. Chapter 6: Configuring SELinux through Infrastructure-as-Code Orchestration

8. Section 2: SELinux-Aware Platforms

9. Chapter 7: Configuring Application-Specific SELinux Controls

10. Chapter 8: SEPostgreSQL – Extending PostgreSQL with SELinux

11. Chapter 9: Secure Virtualization

12. Chapter 10: Using Xen Security Modules with FLASK

13. Chapter 11: Enhancing the Security of Containerized Workloads

14. Section 3: Policy Management

15. Chapter 12: Tuning SELinux Policies

16. Chapter 13: Analyzing Policy Behavior

17. Chapter 14: Dealing with New Applications

18. Chapter 15: Using the Reference Policy

19. Chapter 16: Developing Policies with SELinux CIL

20. Assessments

21. Other Books You May Enjoy

Leave a review - let other readers know what you think

Chapter 4: Using File Contexts and Process Domains

SELinux-enabled systems are strongly dependent on the notion of contexts (on resources) and domains (on processes). The access controls that SELinux enforces use these contexts to identify the resources, and define the enforcement rules within the policy. Because of its inherent reliance on these contexts, this chapter will go into detail on file contexts, context definitions, and process domains.

We will work with the file contexts and learn where they are stored so that you can easily adjust your system to work optimally with SELinux. We assign contexts to resources both temporarily (for testing purposes) and permanently, and learn how these contexts are used to automatically deduce the process domain. Once we know how to obtain process domain information, we will query the SELinux policy to learn about the current access controls.

In this chapter, we're going to cover the following main topics: