SELinux is a mechanism that implements mandatory access controls in Linux systems. This article shows how to create a SELinux policy that confines a standard service:
- Limit its network interfaces,
- Restrict its system access, and
- Protect its secrets.
Mandatory access control
By default, unconfined processes use discretionary access controls (DAC). A user has all the permissions over its...Read More »