Writing a SELinux policy from the ground up
SELinux is a mechanism that implements mandatory access controls in Linux systems. This article shows how to create a SELinux policy that confines a standard service: limit its network interfaces, restrict its system access, and protect its secrets.

Mandatory access control

By default, unconfined processes use discretionary access controls (DAC). A user has all the permissions over its objects, for…