Usage
SELinux can potentially control which activities are allowed for each user, process and daemon, with very precise specifications. However, it is mostly used to confine daemons like database engines or web servers that have more clearly defined data access and activity rights. A confined daemon that becomes compromised is thus limited in the harm it can do. Ordinary user processes often run in the unconfined domain, not restricted by SELinux but still restricted by the classic Linux access rights.
See also: chcon, restorecon, restorecond, runcon, secon, fixfiles, setfiles, load policy, booleans, getsebool, setsebool, togglesebool setenforce, load policy setfiles, selinuxenabled, semodule, postfix-nochroot, check-selinux-installation, semodule package, checkmodule, selinux-config-enforcing, selinuxenabled, selinux-policy-upgrade ;
and also: security set boolean
Usage examples a.) to put SELinux into enforcing mode:
$ sudo setenforce 1b.) to query the SELinux status:
$ getenforceRead more about this topic: Security-Enhanced Linux
Famous quotes containing the word usage:
“Pythagoras, Locke, Socrates—but pages
Might be filled up, as vainly as before,
With the sad usage of all sorts of sages,
Who in his life-time, each was deemed a bore!
The loftiest minds outrun their tardy ages.”
—George Gordon Noel Byron (1788–1824)
“I am using it [the word ‘perceive’] here in such a way that to say of an object that it is perceived does not entail saying that it exists in any sense at all. And this is a perfectly correct and familiar usage of the word.”
—A.J. (Alfred Jules)
“Girls who put out are tramps. Girls who don’t are ladies. This is, however, a rather archaic usage of the word. Should one of you boys happen upon a girl who doesn’t put out, do not jump to the conclusion that you have found a lady. What you have probably found is a lesbian.”
—Fran Lebowitz (b. 1951)