We have covered basics of SELinux, and security contexts in the last blog. Now we move on to detailed explanation of policies and archiving SELinux attributes etc.
Targeted, strict and MLS Policies
Redhat supports three policies – Targeted, Strict and MLS. The targeted policy is the default policy, under which every subject and object runs in unconfined_t domain, except for the specific targeted daemons. The objects on the system that are in the unconfined_t domain have no restrictions. The daemons that are part of the targeted policy run in their own domains and are restricted in every operation they perform on the system. Demons that are exploited like network services, which are usually vulnerable to attacks, can be protected by confining them to a specific domain. (more…)
The purpose of this article is to cover basic concepts and operations of administering SE Linux on an RHEL or Fedora system. This was penned to make an intro level HOWTO for getting started with SE Linux. My friend has already given an intro for this topic and I am just covering more on administering policies.
Many of us have the feeling that SELinux is too complex and forces too many changes on fundamental Linux concepts. This article covers the more basic aspects of SE Linux, and it covers topics like :
* How to use all the administrative commands that relate to SE Linux
* Difference between targeted and strict policies
* Some troubleshooting tools, that come in handy.