Foundation of Computer System

SELinux

  • Security-Enhanced Linux (SELinux) is a security architecture for Linux® systems that allows administrators to have more control over who can access the system.
  • With discretionary access control (DAC), files and processes have owners. A file's permissions are set for the owning user, the owning group, and other, which can be anyone else. Users have the ability to change permissions on their own files. The root user has full access control with a DAC system: if you have root access, you can access any other user’s files or do whatever you want on the system.
  • On mandatory access control (MAC) systems like SELinux, access is governed by an administratively set policy. Even if the DAC settings on your home directory are changed, an SELinux policy in place to prevent another user or process from accessing the directory will keep the system safe.
  • Traditionally, Linux and UNIX systems have used DAC. SELinux is an example of a MAC system for Linux.
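
The difference between the two checks can be seen in a small model. This is an added example, not part of the original slides: a simplified Python model of a DAC check followed by a MAC check. The type names, allow rules, user IDs and the treatment of root as a plain DAC bypass are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Process:
    uid: int
    gids: frozenset
    domain: str   # SELinux type of the process

@dataclass(frozen=True)
class File:
    owner: int
    group: int
    mode: int     # classic permission bits, e.g. 0o700
    ftype: str    # SELinux type of the file

# Constructed, simplified allow rules: (process type, file type, permission).
# Anything not listed is denied.
POLICY = {
    ("user_t", "user_home_t", "read"),
    ("httpd_t", "httpd_sys_content_t", "read"),
}

def dac_allows_read(p, f):
    if p.uid == 0:                 # assumption: root simply bypasses DAC
        return True
    if p.uid == f.owner:
        bits = f.mode >> 6         # owner permission bits
    elif f.group in p.gids:
        bits = f.mode >> 3         # group permission bits
    else:
        bits = f.mode              # "other" permission bits
    return bool(bits & 0o4)

def mac_allows_read(p, f, policy=POLICY):
    return (p.domain, f.ftype, "read") in policy

def can_read(p, f):
    # Both checks must pass; the owner and root control only the first one.
    return dac_allows_read(p, f) and mac_allows_read(p, f)

def demo():
    alice = Process(1000, frozenset({1000}), "user_t")
    web = Process(48, frozenset({48}), "httpd_t")
    web_root = Process(0, frozenset({0}), "httpd_t")
    home = File(1000, 1000, 0o700, "user_home_t")
    home_777 = File(1000, 1000, 0o777, "user_home_t")  # owner ran chmod 777
    return {"owner": can_read(alice, home),
            "web, mode 700": can_read(web, home),
            "web, mode 777": can_read(web, home_777),
            "web as root": can_read(web_root, home)}
```

Only the owner's own process reads the directory: loosening the mode bits or running the web process as root satisfies DAC, but the policy has no rule letting `httpd_t` read `user_home_t`.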