Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Security-Enhanced Linux
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
=={{Anchor|AVC}}Features== SELinux features include: * Clean separation of policy from enforcement * Well-defined policy interfaces * Support for applications querying the policy and enforcing access control (for example, [[cron]]d running jobs in the correct context) * Independence of specific policies and policy languages * Independence of specific security-label formats and contents * Individual labels and controls for kernel objects and services * Support for policy changes * Separate measures for protecting system integrity (domain-type) and data confidentiality ([[multilevel security]]) * Flexible policy * Controls over process initialization and inheritance, and program execution * Controls over file systems, directories, files, and open [[file descriptor]]s * Controls over sockets, messages, and network interfaces * Controls over the use of "capabilities" * Cached information on access-decisions via the ''Access Vector Cache'' (AVC)<ref>{{cite book | author = Fedora Documentation Project | title = Fedora 13 Security-Enhanced Linux User Guide | url = https://books.google.com/books?id=feDeO4IglRkC | access-date = 2012-02-22 | year = 2010 | publisher = Fultus Corporation | isbn = 978-1-59682-215-3 | page = 18 | quote = SELinux decisions, such as allowing or disallowing access, are cached. This cache is known as the Access Vector Cache (AVC). Caching decisions decreases how often SELinux rules need to checked, which increases performance.}}</ref> * [[Whitelisting|Default-deny]] policy (anything not explicitly specified in the policy is disallowed)<ref>{{cite web |title=SELinux/Quick introduction - Gentoo Wiki |url=https://wiki.gentoo.org/wiki/SELinux/Quick_introduction#SELinux_policy |website=wiki.gentoo.org}}</ref><ref>{{cite web |title=Getting Started with SELinux |url=https://www.linode.com/docs/security/getting-started-with-selinux/ |website=Linode Guides & Tutorials |date=18 March 2020 |language=en |access-date=8 August 2019 |archive-date=8 August 2019 |archive-url=https://web.archive.org/web/20190808110700/https://www.linode.com/docs/security/getting-started-with-selinux/ |url-status=live }}</ref><ref>{{cite web |title=NB Overview - SELinux Wiki |url=https://selinuxproject.org/page/NB_Overview |website=selinuxproject.org |access-date=8 August 2019 |archive-date=8 August 2019 |archive-url=https://web.archive.org/web/20190808110700/https://selinuxproject.org/page/NB_Overview |url-status=live }}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)