    SELinux from Scratch

    Date: 15 May 2006
    Category: SELinux
    Posted By: Brittany Day

    SELinux is a mandatory access control (MAC) system available in Linux kernels as of version 2.6. Of the Linux Security Modules available, it is the most comprehensive and well tested, and is founded on 20 years of MAC research. SELinux combines a type-enforcement server with either multi-level security or an optional multi-category policy, and a notion of role-based access control. See the Resources section later in this article for links to more information about these topics.

    Most people who have used SELinux have done so by using an SELinux-ready distribution such as Fedora, Red Hat Enterprise Linux (RHEL), Debian, or hardened Gentoo. These enable SELinux in the kernel, offer a customizable security policy, and patch a great number of user-land libraries and utilities to make them SELinux aware.

    (Editorial comment: EnGarde Secure Linux is an SELinux-ready distribution.)

    If you're like many users who simply want the system to work as before, but a bit more securely, you can query and manipulate SELinux by using familiar applications and by writing security policies using a higher level language. However, these methods can be insufficient when something breaks -- such as when kernel and user-space get out of sync. Also, these methods might even hinder the UNIX® engineer from understanding how SELinux is actually working. Finally, the engineer and the security community should understand that there are appropriate ways to use SELinux outside of the conventions in use by current distributions.

    In this article, learn how to convert a system that is initially completely unaware of SELinux into one that enforces SELinux. You also learn how to enforce a few simple access policies.
