Chapter 5. Controlling Network Communications

SELinux mandatory access controls go well beyond its file and process access controls. One of the features SELinux provides is the ability to control network communications. By default, socket-based access control is used for general network access control, but more fine-grained approaches are also possible.
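The socket-based controls mentioned above work by attaching a type to each network port (the mapping that `semanage port -l` prints) and then checking the calling domain for `name_bind` or `name_connect` on that type. The following is an added illustration, not code from the book: it parses a constructed sample of `semanage port -l` output and a constructed set of `allow` rules in the format `sesearch` prints, and answers the question "may this domain bind this port?". The port list, the domains `httpd_t`/`sshd_t`, and the allow rules are sample data chosen for the example, not a statement about what any distribution's policy actually grants.

```python
import re

# Constructed sample of `semanage port -l` output (illustrative, not captured
# from a real system; real policies carry many more entries).
SEMANAGE_PORT_OUTPUT = """\
dns_port_t                     tcp      53, 853
dns_port_t                     udp      53, 853
http_cache_port_t              tcp      8080, 8118, 8123, 10001-10010
http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
ssh_port_t                     tcp      22
"""

# Constructed allow rules in the form `sesearch -A` prints them. Hypothetical:
# they only exist to drive the example below.
ALLOW_RULES = """\
allow httpd_t http_port_t:tcp_socket { name_bind name_connect };
allow httpd_t http_cache_port_t:tcp_socket name_connect;
allow sshd_t ssh_port_t:tcp_socket name_bind;
allow named_t dns_port_t:udp_socket name_bind;
"""


def parse_port_table(text):
    """Return (type, proto, lo, hi) tuples from semanage-style port output.

    Each line is `<type> <proto> <port-list>` where the list holds single
    ports and `lo-hi` ranges separated by commas.
    """
    entries = []
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue
        ptype, proto, ranges = parts
        for item in ranges.split(","):
            item = item.strip()
            if "-" in item:
                lo, hi = (int(x) for x in item.split("-", 1))
            else:
                lo = hi = int(item)
            entries.append((ptype, proto, lo, hi))
    return entries


def port_type(port, proto, table=None):
    """Resolve the SELinux type a port/proto pair carries, or None when no
    mapping exists (the policy's default port type then applies)."""
    if table is None:
        table = parse_port_table(SEMANAGE_PORT_OUTPUT)
    for ptype, p, lo, hi in table:
        if p == proto and lo <= port <= hi:
            return ptype
    return None


# allow <src> <tgt>:<class> { perm perm } ;   or   allow <src> <tgt>:<class> perm;
RULE_RE = re.compile(r"allow\s+(\S+)\s+(\S+):(\S+)\s+(?:\{\s*([^}]*)\}|(\S+));")


def parse_allow_rules(text):
    """Map (source, target, class) -> set of permissions."""
    rules = {}
    for m in RULE_RE.finditer(text):
        src, tgt, cls, many, one = m.groups()
        perms = set(many.split()) if many is not None else {one}
        rules.setdefault((src, tgt, cls), set()).update(perms)
    return rules


def may_bind(domain, port, proto="tcp", table=None, rules=None):
    """True if `domain` holds name_bind on the socket class for the port's type.

    Mirrors the kernel check: the port is translated to its type first, then
    the AVC lookup is (domain, port type, tcp_socket|udp_socket, name_bind).
    """
    if rules is None:
        rules = parse_allow_rules(ALLOW_RULES)
    ptype = port_type(port, proto, table)
    if ptype is None:
        return False  # unlabeled here; a real policy falls back to a default type
    cls = "tcp_socket" if proto == "tcp" else "udp_socket"
    return "name_bind" in rules.get((domain, ptype, cls), set())


if __name__ == "__main__":
    for dom, port, proto in [("httpd_t", 80, "tcp"), ("httpd_t", 8080, "tcp"),
                             ("sshd_t", 22, "tcp"), ("named_t", 53, "udp")]:
        print(f"{dom} bind {proto}/{port} ({port_type(port, proto)}): "
              f"{may_bind(dom, port, proto)}")
```

On a live system the two constructed strings are replaced by the real output of `semanage port -l` and `sesearch -A -s <domain> -c tcp_socket -p name_bind` (setools); the resolution logic stays the same. Note that in the sample rules `httpd_t` may only `name_connect` to `http_cache_port_t`, so binding 8080 is denied even though port 80 is allowed, which is exactly the distinction an AVC denial on a non-standard port reveals.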

In this chapter, we will:

  • Learn how network access controls are governed by SELinux
  • Cover what administrators can do to further strengthen network communications using iptables
  • Describe how SELinux policies can be used for cross-system security through labeled IPsec

We'll finish the chapter with an introduction to CIPSO labeling and its integration with SELinux.

From IPC to TCP and ...
