The standard access policy based on the user, group, and other permissions, known as Discretionary Access Control (DAC), does not enable system administrators to create comprehensive and fine-grained security policies, such as restricting specific applications to only viewing log files, while allowing other applications to append new data to the log files.

Security Enhanced Linux (SELinux) implements Mandatory Access Control (MAC). Every process and system resource has a special security label called an SELinux context. An SELinux context, sometimes referred to as an SELinux label, is an identifier which abstracts away the system-level details and focuses on the security properties of the entity. Not only does this provide a consistent way of referencing objects in the SELinux policy, but it also removes any ambiguity that can be found in other identification methods. For example, a file can have multiple valid path names on a system that makes use of bind mounts. The SELinux policy uses these contexts in a series of rules which define how processes can interact with each other and the various system resources.