Chapter 9. Aligning SELinux with DAC

In this chapter, our focus will be on the following set of recipes:

Assigning a different root location to regular services
Using a different root location for SELinux-aware applications
Sharing user content with file ACLs
Enabling polyinstantiated directories
Configuring capabilities instead of setuid binaries
Using group membership for role-based access
Backing up and restoring files
Governing application network access

Introduction

SELinux is an access control mechanism that works alongside the regular access controls that Linux provides. Making sure that these various access control systems play nicely together is important as both have their merits and uses.

Regular DAC security services on Linux are already quite ...

Get SELinux Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

SELinux Cookbook by Sven Vermeulen

Chapter 9. Aligning SELinux with DAC

Introduction

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly