Chapter 7. Security Enhanced Linux

This version of EnGarde incorporates Security Enhanced Linux, or SELinux as it is commonly known. SELinux was originally created by the National Security Agency and is a system of Mandatory Access Control, in which every application running on the system is allowed to perform only the actions required to perform its job, as defined by the system's security policy. This effectively restricts the system's exposure to a security flaw in a running application by denying any action that would not normally be performed by that application.

This section will discuss the basics of SELinux administration, but is not intended as an in depth discussion of the subsystem.

7.1. Disabling SELinux at Boot

As discussed in Section 3.1, you can start the system using the default Secure option or the Standard option. Entering standard at the boot prompt will put SELinux into what is known as Permissive mode, where it will still send denial messages to the system log, but will not actually deny the actions. This is useful for troubleshooting SELinux problems.