Day-8: 🔒 SELinux Overview 🔒


What is SELinux?

SELinux (Security-Enhanced Linux) is a security feature built into the Linux kernel that controls what programs and users are allowed to do on the system. Think of it as a strict security guard that makes sure every program and user follows the rules, including programs that would normally have a lot of freedom.

Think of it as a bank security system:

  • A bank has restricted areas: not everyone can enter the vault.

  • Employees have specific roles: the cashier can handle money, the janitor cannot.

  • Security cameras monitor activity so that unauthorized access is detected and stopped.

Similarly, SELinux:

  • Decides which processes and users can access which files, ports, and other resources.

  • Blocks anything the policy does not explicitly allow.

  • Limits the damage even if an attacker gets in: a compromised web server is still confined to what the web server policy allows, so it cannot read files outside that policy (for example users' home directories) just because it is running.

SELinux checks are applied on top of the normal Linux permissions: an action has to pass both. A default policy therefore restricts access more than standard Linux security alone, which makes it much harder for malware or an attacker to move beyond the process they have compromised.

SELinux Architecture

SELinux is built into the Linux kernel (as a Linux Security Module) and works as an extra layer of security. It uses Mandatory Access Control (MAC) to enforce rules, defined by the administrator in a policy, on what each process or user can do.

Difference from Standard File Permissions:

  • File permissions (Discretionary Access Control, DAC): control which users or groups can read, write, or execute a file. They are "discretionary" because the file's owner can change them at will, and root can bypass them.

  • SELinux policies (Mandatory Access Control, MAC): control how files and other objects may be used by processes, based on security labels (contexts) such as httpd_t or user_home_t. The policy is set centrally and cannot be overridden by a file's owner, so it prevents unintended actions even by authorized users and by root.

How SELinux Works (Flow)

1- A process (e.g., a web server running in the httpd_t domain) tries to access a file.
2- The standard DAC permission check runs first; if it fails, the access is denied before SELinux is even consulted.
3- SELinux then checks the loaded policy: does the process's domain have the requested permission on an object with this label?
4- If allowed, the action proceeds. If denied, the process receives a permission error (typically EACCES) and the kernel records an AVC denial in the audit log (/var/log/audit/audit.log), or in the kernel log when auditd is not running.
5- The decision is cached in the Access Vector Cache (AVC) so that repeated checks for the same domain, label and permission do not need another policy lookup.
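The denial record the kernel writes is the first thing a practitioner looks at when a service stops working under SELinux. The following POSIX shell script is an added example, not part of the original post: it pulls the useful fields out of an AVC denial line (requested permissions, command, source domain, target type, object class) and states whether the access was actually blocked. The two audit lines are constructed for the example rather than captured from a real host.

```shell
# Added example: summarise SELinux AVC denial lines as logged by auditd.
# The sample lines below are constructed, not captured from a real system.

# Constructed sample: httpd_t denied "read" on a file labelled user_home_t, enforcing mode.
SAMPLE_DENIED='type=AVC msg=audit(1700000000.123:456): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev="dm-0" ino=98765 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0'

# Constructed sample: the same access in permissive mode (logged, not blocked).
SAMPLE_PERMISSIVE='type=AVC msg=audit(1700000000.789:457): avc:  denied  { read open } for  pid=1234 comm="httpd" name="index.html" dev="dm-0" ino=98765 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1'

# parse_avc LINE
# Prints one summary line: permissions requested (inside "{ ... }"), the
# command, the source domain (third field of scontext), the target type
# (third field of tcontext), the object class, and the permissive= flag.
parse_avc() {
    printf '%s\n' "$1" | awk '
    {
        perms = ""; comm = ""; src = ""; tgt = ""; cls = ""; mode = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "{") {                 # collect every token up to "}"
                i++
                while ($i != "}") { perms = (perms == "" ? $i : perms "," $i); i++ }
            } else if ($i ~ /^comm=/) {
                comm = substr($i, 6); gsub(/"/, "", comm)
            } else if ($i ~ /^scontext=/) {
                split(substr($i, 10), p, ":"); src = p[3]
            } else if ($i ~ /^tcontext=/) {
                split(substr($i, 10), p, ":"); tgt = p[3]
            } else if ($i ~ /^tclass=/) {
                cls = substr($i, 8)
            } else if ($i ~ /^permissive=/) {
                mode = substr($i, 12)
            }
        }
        printf "perms=%s comm=%s source=%s target=%s class=%s permissive=%s\n", perms, comm, src, tgt, cls, mode
    }'
}

# verdict LINE
# Says what happened to the process: blocked (enforcing) or only logged (permissive).
verdict() {
    case "$1" in
        *permissive=1*) echo "logged only (permissive mode): access was allowed" ;;
        *permissive=0*) echo "blocked (enforcing mode): process got a permission error" ;;
        *)              echo "unknown: no permissive= field" ;;
    esac
}

# Demo run over the constructed samples.
for line in "$SAMPLE_DENIED" "$SAMPLE_PERMISSIVE"; do
    parse_avc "$line"
    verdict "$line"
done
```

On a real host, feed it the output of `ausearch -m AVC -ts recent` and look at the source/target pair: a denial from httpd_t on user_home_t usually means a file was placed under a home directory with the wrong label, and the fix is relabelling (restorecon) or enabling the relevant boolean, not switching the whole system to permissive.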

Why Use SELinux?

  • Prevents unauthorized access even where file permissions alone would allow it.

  • Limits what malware or an exploited service can do, because a compromised process stays confined to its domain.

  • Protects critical system files and daemons from each other.

SELinux Modes

  1. Enforcing (Strict Mode) – Blocks every action that violates the policy and logs the denial. This is the default mode on Red Hat Enterprise Linux (RHEL), Fedora, and derived distributions.

  2. Permissive (Logging Mode) – SELinux is active and logs policy violations as AVC denials, but does not block them. This is useful for testing and troubleshooting: run the workload, collect the denials, fix labels or policy, then switch back to enforcing. A single service can be put in permissive mode on its own (semanage permissive -a httpd_t) while the rest of the system stays enforcing.

  3. Disabled – SELinux is turned off; no policy is loaded or enforced. Files created while it is disabled are not labelled, so re-enabling it later requires a full relabel (touch /.autorelabel and reboot). Disabling SELinux is strongly discouraged, and on RHEL 9 the SELINUX=disabled setting in /etc/selinux/config is deprecated in favour of the selinux=0 kernel boot parameter.
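The mode on disk and the mode the kernel is actually running can differ: /etc/selinux/config only takes effect at boot, while setenforce 0 changes the live state immediately and silently. The script below is an added example, not part of the original post. It reads both sources and flags the classic drift case (configured enforcing, running permissive). The config text is a constructed sample; the runtime check reads /sys/fs/selinux/enforce, which holds 1 for enforcing and 0 for permissive and does not exist when SELinux is disabled.

```shell
# Added example: compare the configured SELinux mode with the live kernel mode.

# mode_from_config CONFIG_TEXT
# Extracts the persistent setting (the SELINUX= line of /etc/selinux/config).
mode_from_config() {
    printf '%s\n' "$1" | sed -n 's/^SELINUX=\([a-z]*\).*/\1/p' | head -n 1
}

# runtime_mode
# Reads the live kernel state from selinuxfs; if it is not mounted,
# SELinux is disabled on this kernel.
runtime_mode() {
    if [ -r /sys/fs/selinux/enforce ]; then
        case "$(cat /sys/fs/selinux/enforce)" in
            1) echo enforcing ;;
            0) echo permissive ;;
            *) echo unknown ;;
        esac
    else
        echo disabled
    fi
}

# compare_modes CONFIGURED RUNTIME
# Enforcing on disk but permissive live means someone ran "setenforce 0":
# the box is currently only logging denials until the next reboot.
compare_modes() {
    if [ "$1" = "$2" ]; then
        echo "ok: $1"
    elif [ "$1" = enforcing ] && [ "$2" = permissive ]; then
        echo "WARN: configured enforcing but running permissive (setenforce 0?)"
    else
        echo "WARN: configured $1 but running $2"
    fi
}

# Constructed sample config, as it would appear in /etc/selinux/config.
SAMPLE_CONFIG='# This file controls the state of SELinux on the system.
SELINUX=enforcing
SELINUXTYPE=targeted'

echo "configured: $(mode_from_config "$SAMPLE_CONFIG")"
echo "runtime:    $(runtime_mode)"
compare_modes "$(mode_from_config "$SAMPLE_CONFIG")" "$(runtime_mode)"
```

In production, replace the constructed sample with `mode_from_config "$(cat /etc/selinux/config)"` and run the check from a cron job or your monitoring agent; a warning is a sign that a troubleshooting session was never reverted.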