We have covered basics of SELinux, and security contexts in the last blog. Now we move on to detailed explanation of policies and archiving SELinux attributes etc.
Targeted, strict and MLS Policies
Redhat supports three policies – Targeted, Strict and MLS. The targeted policy is the default policy, under which every subject and object runs in unconfined_t domain, except for the specific targeted daemons. The objects on the system that are in the unconfined_t domain have no restrictions. The daemons that are part of the targeted policy run in their own domains and are restricted in every operation they perform on the system. Demons that are exploited like network services, which are usually vulnerable to attacks, can be protected by confining them to a specific domain. (more…)