A key part of SELinux is understanding and using SELinux contexts. Everything on your system has a context, and these contexts are used to determine which users, applications and services have access to which files, directories and applications. Even without an understanding of detailed policy creation, most SELinux users can manage their systems by using and altering contexts.
In the coming weeks, we at the Linux Academy blog will be exploring SELinux, or Security-Enhanced Linux. SELinux gives users fine-grained control over access and permissions on their Linux servers and workstations. Today, we will explore the implications of using SELinux, before diving into SELinux policies and command line options in part two.
SELinux is a kernel module written by the NSA and Red Hat that grants system owners extended access control, allowing for a greater permissions profile that constrains which resources users and applications can access. Beyond the traditional “read, write, execute” permissions on a basic Linux system, SELinux grants administrators the ability to restrict linking, moving and appending to files, and more. Additionally, access control is defined using policies, which average users cannot alter either purposely or accidentally.