SELinux is an enhancement to the Linux kernel that implements mandatory access control (MAC) and role-based access control (RBAC).
This area will be used to provide different kinds of documentation about SELinux.
A lot more to come ...
- Fedora Core 5 FAQ
- Previous Versions FAQ
- Understanding and customizing the Apache HTTP SELinux Policy
- SELinux FAQ Proposed Additions
What is SELinux?
SELinux (Security-Enhanced Linux) is an implementation of mandatory access control in the Linux kernel using the Linux Security Modules (LSM) framework.
Discretionary Access Control (DAC)
- DAC is standard Linux security, and it provides no protection from broken software or malware running as a normal user or root. Users can grant risky levels of access to files they own.
Mandatory access control (MAC)
- MAC provides full control over all interactions of software. Administratively defined policy closely controls user and process interactions with the system, and can provide protection from broken software or malware running as any user.
Standard Linux and UNIX security (e.g. file permissions) uses a DAC model. It is discretionary in that the owner of a file may alter the access controls (the file permissions) at their whim.
In a DAC model, file and resource decisions are based solely on user identity and ownership of the objects. Each user and program run by that user has complete discretion over the user's objects. Malicious or flawed software can do anything with the files and resources it controls through the user that started the process. If the user is the super-user or the application is setuid or setgid to root, the process can have root level control over the entire file system.
A MAC system does not suffer from these problems. First, you can administratively define a security policy over all processes and objects. Second, you control all processes and objects, in the case of SELinux through the kernel. Third, decisions are based on all the security relevant information available, and not just authenticated user identity.
MAC under SELinux allows you to provide granular permissions for all subjects (users, programs, processes) and objects (files, devices). In practice, think of subjects as processes, and objects as the target of a process operation. You can safely grant a process only the permissions it needs to perform its function, and no more.
The SELinux implementation uses role-based access control (RBAC), which provides abstracted user-level control based on roles, and Type Enforcement® (TE). TE uses a table, or matrix to handle access controls, enforcing policy rules based on the types of processes and objects. Process types are called domains, and a cross-reference on the matrix of the process's domain and the object's type defines their interaction. This system provides extremely granular control for actors in a Linux system.