Security Enhanced Linux (SELinux) is an extension to the standard Linux kernel that has been designed to enforce strict access controls. SELinux lets you confine processes to the minimum amount of privilege they require. In this report, I will cover the ideas behind SELinux and show how to configure and manage an SELinux system for transparently securing existing applications as well as new ones.
As an example of configuring a security policy, Iíll show how to configure out-of the box and custom-written ping-like applications with an example security policy that restricts certain users to accessing only the functionality which is required for operation. Also, I will show how SELinux solves the problem of rogue superuser, and prevents privilege elevation. Another goal of this report is to describe the process of writing SELinux-aware applications, as well as give and example of such attempts.
In this report, SELinux policies are configured manually without automated policy-generation tools. I feel such step-by-step walk-through helps to achieve better understanding of the structure, philosophy and inner workings of SELinux product.
This document is in PDF format. To view it click here.