
The Linux kernel supports different security models by providing hooks and letting you build in your choice of model. At the moment, only a few models come with the default kernel source tree, but developers of new models are working on getting more accepted.

Default Linux Capabilities

The standard type of security model for Linux is the "capability" model. You should always select this option unless you really want to run an insecure kernel for some reason.

To enable it:

Security options
    [*] Enable different security models
    [*]   Default Linux Capabilities


A very popular security model is called SELinux. This model is supported by a number of different Linux distributions.

SELinux requires that the networking option be enabled. See Networking to enable this.

SELinux also requires that audit be enabled in the kernel configuration. To do this:

General setup
    [*] Auditing support

Also, the networking security option must be enabled:

Security options
    [*] Enable different security models
    [*]   Socket and Networking Security Hooks

Now it is possible to select the SELinux option:

Security options
    [*] Enable different security models
    [*] NSA SELinux Support

There are also a number of individual SELinux options that you might wish to enable. Please see the help text for each item for a description of what it does.

Security options
    [*] Enable different security models
    [*] NSA SELinux Support
    [ ]   NSA SELinux boot parameter
    [ ]   NSA SELinux runtime disable
    [*]   NSA SELinux ...
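The following script is an added example, not part of the book: it checks a kernel .config for the options this section says SELinux requires, which is useful when "NSA SELinux Support" does not appear in the menu because a prerequisite is still off. The CONFIG_ symbol names are assumed to be the Kconfig symbols behind the menu entries shown above, and the sample .config is constructed.

```shell
#!/bin/sh
# Added example: report which options SELinux needs are missing from a .config.
# Assumption: Kconfig symbols for the menu entries used in this section.
#   Networking support                   -> CONFIG_NET
#   Auditing support                     -> CONFIG_AUDIT
#   Enable different security models     -> CONFIG_SECURITY
#   Socket and Networking Security Hooks -> CONFIG_SECURITY_NETWORK
#   NSA SELinux Support                  -> CONFIG_SECURITY_SELINUX
SELINUX_DEPS="CONFIG_NET CONFIG_AUDIT CONFIG_SECURITY CONFIG_SECURITY_NETWORK CONFIG_SECURITY_SELINUX"

# config_enabled FILE SYMBOL: true only if SYMBOL is built in (=y).
# A "# SYMBOL is not set" line, or no line at all, counts as disabled.
config_enabled() {
    grep -q "^$2=y\$" "$1"
}

# missing_selinux_deps FILE: print every required symbol that is not =y,
# in dependency order. Returns 0 when none are missing, 1 otherwise.
missing_selinux_deps() {
    cfg=$1
    rc=0
    for sym in $SELINUX_DEPS; do
        if ! config_enabled "$cfg" "$sym"; then
            echo "$sym"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: capabilities are on, but audit and the network
# security hooks are off, so the SELinux option is not selectable yet.
sample_config() {
    cat <<'EOF'
CONFIG_NET=y
# CONFIG_AUDIT is not set
CONFIG_SECURITY=y
CONFIG_SECURITY_CAPABILITIES=y
# CONFIG_SECURITY_NETWORK is not set
EOF
}

# Demo on the constructed sample; call missing_selinux_deps on a real .config.
tmp=$(mktemp)
sample_config > "$tmp"
echo "Missing from constructed sample:"
missing_selinux_deps "$tmp" || true
rm -f "$tmp"
```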
