Security-Enhanced Linux (SELinux) is a mandatory access control (MAC) security mechanism implemented in the kernel. SELinux was first introduced in CentOS 4 and significantly enhanced in later CentOS releases. These enhancements mean that guidance on how to approach SELinux to solve problems has varied over time.

In order to better understand why SELinux is important and what it can do for you, it is easiest to look at some examples. Without SELinux enabled, only traditional discretionary access control (DAC) methods such as file permissions or access control lists (ACLs) are used to control the file access of users. Users and programs alike are allowed to grant insecure file permissions to others or, conversely, to gain access to parts of the system that should not otherwise be necessary for normal operation. For example:

Administrators have no way to control users: A user could set world-readable permissions on sensitive files such as ssh keys and the directory containing such keys, customarily: ~/.ssh/
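Because DAC leaves the mode of ~/.ssh/ entirely up to its owner, as described above, an administrator can only detect a bad setting after the fact. The following is an added example, not part of the original page: a POSIX shell audit that lists every file or directory under an .ssh directory whose mode grants any access to group or other. The function names `audit_ssh_dir` and `make_sample_ssh_dir` and the key file name `id_example` are assumptions made for illustration.

```shell
#!/bin/sh
# audit_ssh_dir DIR
# Prints every file or directory under DIR (DIR included) whose mode grants
# any permission to group or other.
# Returns 0 if nothing was found, 1 if findings were printed, 2 on bad input.
audit_ssh_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # POSIX find: "-perm -NNN" matches only when all bits in NNN are set,
    # so each group/other bit is tested on its own and the tests are ORed.
    findings=$(find "$dir" \( -type f -o -type d \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# make_sample_ssh_dir
# Constructed sample input: a throwaway .ssh look-alike with owner-only modes
# (directory 700, key file 600). Prints the path of the created directory.
make_sample_ssh_dir() {
    base=$(mktemp -d) || return 1
    mkdir "$base/.ssh" && chmod 700 "$base/.ssh" || return 1
    : > "$base/.ssh/id_example" && chmod 600 "$base/.ssh/id_example" || return 1
    printf '%s\n' "$base/.ssh"
}
```

Run it as `audit_ssh_dir "$HOME/.ssh"`; an owner can undo any correction with a single `chmod`, which is the gap the paragraph above describes.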