SELinux stands for Security-Enhanced Linux.
It is a Linux security system that adds an extra layer of protection to the operating system. It controls what users, programs, services, and processes are allowed to do.
A simple definition:
SELinux is a security feature in Linux that enforces strict rules about which processes can access which files, directories, ports, and system resources.
General idea
Normal Linux permissions ask:
Does this user have permission to access this file?
SELinux asks an additional question:
Is this process allowed by security policy to access this object?
So even if normal file permissions allow access, SELinux can still block it.
Example
Suppose the Apache web server tries to read:
/var/www/html/index.html
Normal permissions may allow it:
-rw-r--r--
But SELinux also checks the file’s security label. If the file has the wrong SELinux label, Apache may be denied access.
Example command:
ls -Z /var/www/html/index.html
This shows SELinux security context labels.
Why SELinux is useful
SELinux helps protect the system if a service is misconfigured or compromised.
For example, if a web server is attacked, SELinux can limit what the web server process is allowed to access. The attacker may control the web server process, but SELinux can still prevent it from reading unrelated system files.
Common SELinux modes
Check the current mode with:
getenforce
Possible outputs:
Enforcing
Permissive
Disabled
| Mode | Meaning |
|---|---|
| Enforcing | SELinux policy is active and blocks unauthorized actions |
| Permissive | SELinux does not block actions, but logs the ones it would have denied |
| Disabled | SELinux is turned off |
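Both the Apache label example and the Enforcing/Permissive distinction show up in the audit log as AVC denial records. The script below is an added example, not part of the original notes: it parses such records and reports whether each denial was blocked or only logged. The sample records are constructed, and `summarize_avc` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denial records.
# SAMPLE_AVC is constructed sample data, not taken from a real system.
SAMPLE_AVC='type=AVC msg=audit(1700000000.101:411): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000050.202:419): avc:  denied  { name_bind } for  pid=2101 comm="httpd" src=9123 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=SYSCALL msg=audit(1700000050.202:419): arch=c000003e syscall=49 success=yes exit=0'

# summarize_avc (hypothetical helper): read audit records on stdin and print
# one line per AVC denial:
#   <blocked|logged-only|unknown> <process type> <permissions> <class> <target type>
summarize_avc() {
    awk '
    /avc:[ ]+denied/ {
        perm = ""; sctx = ""; tctx = ""; tclass = ""; permissive = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "{") {
                # Collect every permission between the braces.
                for (j = i + 1; j <= NF && $j != "}"; j++)
                    perm = (perm == "" ? "" : perm ",") $j
            }
            else if ($i ~ /^scontext=/)   sctx = substr($i, 10)
            else if ($i ~ /^tcontext=/)   tctx = substr($i, 10)
            else if ($i ~ /^tclass=/)     tclass = substr($i, 8)
            else if ($i ~ /^permissive=/) permissive = substr($i, 12)
        }
        # A context is user:role:type:level; the type is the third field.
        split(sctx, s, ":"); split(tctx, t, ":")
        # permissive=0 means the action was blocked (Enforcing);
        # permissive=1 means it was allowed and only logged (Permissive).
        if (permissive == "0")      outcome = "blocked"
        else if (permissive == "1") outcome = "logged-only"
        else                        outcome = "unknown"
        print outcome, s[3], perm, tclass, t[3]
    }'
}

printf '%s\n' "$SAMPLE_AVC" | summarize_avc
```

On a real system the same function can read /var/log/audit/audit.log or the output of ausearch -m AVC instead of the sample.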
Slide-friendly summary
SELinux is a mandatory access control system for Linux. It uses security policies and labels to control what processes can access. It provides extra protection beyond normal Linux permissions.
REF: AI Tools/ChatGPT
