This is a Linux feature developed by the NSA (National Security Agency). It is not a Linux distribution, but a set of modifications that can be applied to Unix-like OS (Operating System) kernels.
This is a really good overview article of what SELinux is and is not.
MAC (Mandatory Access Control) - enforced by SELinux.
DAC (Discretionary Access Control) - the old way of controlling what privileges a user can set on a file.
The SELinux policy has no concept of an all-powerful superuser. It looks at things from the perspective of what is allowed.
An Internet-facing server should be locked down very strictly.
FC3 (Fedora Core 3) allows a targeted policy - "allow all, deny as needed."
Some more good information.
AVC (Access Vector Cache)