Chapter 5. Using SELinux
Here is an overview of the recipes presented in this chapter:
- Changing file contexts
- Configuring SELinux booleans
- Configuring SELinux port definitions
- Troubleshooting SELinux
- Creating SELinux policies
- Applying SELinux policies
Introduction
SELinux is a Linux kernel module that allows supporting mandatory access control (MAC) security policies. The Red Hat implementation of SELinux combines role-based access control (RBAC) with type enforcement (TE). Optionally, multilevel security (MLS) is also available but isn't widely used as it implements fewer policies than the default Red Hat SELinux policies.
SELinux is enabled by default in RHEL 7 and supported for all software packaged by Red Hat.
The recipes presented in this chapter will not only provide you with a solid base to troubleshoot SELinux issues and fix them, but also a peek into how to create your own SELinux policies.
Changing file contexts
Files and processes are labeled with a SELinux context, which...