How To Write an SELinux Policy
The NSA created SELinux to provide security to applications. SELinux policies best suit an app under specific conditions, which this tutorial covers.
Security-Enhanced Linux is a kernel security module created by the National Security Agency to provide a mechanism for access control policies. SELinux includes a set of kernel modifications and user tools to help configure access control policies on Linux.
SELinux can cause problems with applications that behave outside the norm. For example, an admin might configure a web server, like Nginx or Apache, to serve sites from a directory that doesn't follow the default document root, such as getting site-specific data from /srv/www instead of /var/www. SELinux blocks Apache or Nginx from serving up content from the nonstandard directory unless SELinux is aware of the change.
Some admins disable SELinux on their servers because the policies' restrictions complicate app configuration. This could leave servers open to attacks, however. Knowing how to write an SELinux policy enables developers to work with the confined rules instead of disabling them.
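
Rather than disabling SELinux, the blocked web server described above can be diagnosed from the audit log and fixed by relabeling the directory. The script below is an added example, not part of the original tutorial: the audit records are constructed, the `var_t` label on the target is assumed for illustration, and `avc_summary` and `suggest_fix` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample audit records (not from a real host). The var_t label on
# the target file is an assumption chosen for illustration.
SAMPLE_AVC='type=AVC msg=audit(1700000000.101:411): avc:  denied  { getattr } for  pid=2211 comm="nginx" path="/srv/www/index.html" dev="sda1" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.102:412): avc:  denied  { read } for  pid=2211 comm="nginx" name="index.html" dev="sda1" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:var_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000000.102:412): arch=c000003e syscall=257 success=no exit=-13 comm="nginx"'

# Print one line per distinct denial read from stdin:
#   comm  source_type  permission(s)  target_type  class
avc_summary() {
    grep 'avc: *denied' | sed -n \
's/.*denied *{ \([^}]*\) } for .* comm="\([^"]*\)".* scontext=[^:]*:[^:]*:\([^:]*\):.* tcontext=[^:]*:[^:]*:\([^:]*\):.* tclass=\([a-z0-9_]*\).*/\2 \3 \1 \4 \5/p' |
    sort -u
}

# Print (do not run) the commands that make SELinux aware of a nonstandard
# content root. $1 = content root, stdin = audit records. Returns 1 when the
# web server domain (httpd_t) was not denied on a wrongly labeled target.
suggest_fix() {
    root=$1
    n=$(avc_summary | awk '$2 == "httpd_t" && $(NF-1) != "httpd_sys_content_t" { n++ }
                           END { print n + 0 }')
    [ "$n" -gt 0 ] || return 1
    # Record the label rule in the local policy, then apply it to existing files.
    printf "semanage fcontext -a -t httpd_sys_content_t '%s(/.*)?'\n" "$root"
    printf "restorecon -Rv %s\n" "$root"
}

# Demo on the constructed records above.
printf '%s\n' "$SAMPLE_AVC" | avc_summary
printf '%s\n' "$SAMPLE_AVC" | suggest_fix /srv/www
```

On a real host the same functions can be fed from the audit log instead of the sample, and the printed commands need root to run.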