๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

Linux Advanced

What is SELinux?

Security-Enhanced Linux โ€” a mandatory access control system that confines programs to minimum required privileges beyond standard file permissions.

SELinux, developed by the NSA, adds a layer of security beyond traditional Unix permissions. It assigns security labels (contexts) to files, processes, and ports, then enforces policies about what each labeled process can access. Even if a process runs as root, SELinux can restrict its capabilities. Three modes exist: Enforcing (blocks and logs violations), Permissive (logs but allows violations), and Disabled. Common commands include getenforce, setenforce, restorecon, and chcon. While SELinux has a steep learning curve, it significantly hardens Linux systems and is enabled by default on RHEL/CentOS/Fedora.

Related Terms

ACL (Access Control List)
An extension to standard Linux file permissions that allows setting fine-grained access rights for specific users and groups beyond owner/group/other.
Firewalld
A dynamic firewall management tool for Linux that provides a D-Bus interface for managing firewall rules with zones.
Procfs (/proc)
A virtual filesystem in Linux that provides an interface to kernel data structures, exposing process and system information as files.
Pipe
A mechanism that connects the output of one command directly to the input of another, enabling command chaining.
Iptables
The traditional Linux firewall tool that filters network packets using configurable chains of rules organized in tables.
Inode
A data structure in Unix filesystems that stores metadata about a file, excluding its name and data.
View All Linux Terms โ†’