Security-Enhanced Linux (SELinux) is a security architecture integrated into the Linux kernel that enforces mandatory access control (MAC) policies, providing a robust mechanism for protecting system resources and data from unauthorized access or tampering. Originally developed by the United States National Security Agency (NSA) together with Secure Computing Corporation and other partners, released as open source in 2000 and merged into the mainline kernel in the 2.6 series, SELinux is now a standard component of many Linux distributions, particularly those focused on enterprise and server environments; Red Hat Enterprise Linux and Fedora ship it enabled by default.
Key Features
• Mandatory Access Control (MAC): SELinux applies access rules defined by a system-wide policy in addition to, not instead of, the traditional discretionary access control (DAC) checks. DAC is evaluated first and SELinux is consulted only for requests DAC already permits, so an access must pass both, and a file owner cannot loosen SELinux restrictions with chmod or chown.
• Policy-Driven Security: The policy states which subjects (processes running in a given domain) may perform which operations on which objects, so each service can be confined to the minimum it needs rather than to whatever its Unix user happens to own.
• Separation of Policy and Enforcement: The kernel enforces decisions, but the policy that produces them is compiled and loaded from user space, so it can be written, audited and updated (including with local policy modules) without kernel changes.
• Granular Controls: It provides fine-grained control over files, directories, processes, network ports, sockets and other kernel objects, limiting what a compromised process can reach and reducing the risk of privilege escalation.
• Labeling System: Every process and object (files, sockets, ports, devices) carries a security context consisting of an SELinux user, a role, a type and, on MLS/MCS-enabled policies, a level.
• Default-Deny Stance: Only what an allow rule grants is permitted; everything else is denied and logged. Note that the common targeted policy runs unlisted services and logged-in users in an unconfined domain (unconfined_t) that is deliberately left almost unrestricted, so the default deny only bites for domains the policy actually confines.
How SELinux Works
SELinux assigns a security context (label) to every process and every object. When a process (the subject) attempts an operation on an object, the kernel's DAC checks run first; if they pass, a Linux Security Module (LSM) hook asks SELinux whether the policy allows that combination of subject type, object type, object class (file, dir, tcp_socket, ...) and requested permission. The decision is computed by the security server and cached in the Access Vector Cache (AVC), so repeated checks are cheap. Denials, and in permissive mode would-be denials, are written to the audit log as AVC records naming the source context, target context, class and permissions involved.
SELinux Modes
• Enforcing: The policy is applied; operations it does not allow are blocked and the denial is written to the audit log as an AVC record. This is the only mode that actually protects anything.
• Permissive: The same policy is evaluated and every would-be denial is logged (the AVC record carries permissive=1), but nothing is blocked. It is meant for collecting denials while building or debugging policy, not as a production setting: it offers no protection, although it keeps file labels current, so unlike disabled it can be switched back to enforcing without a relabel. Enforcing and permissive can be toggled at runtime with setenforce 1 and setenforce 0 (inspect with getenforce); that change is lost at reboot unless the SELINUX= line in /etc/selinux/config is updated as well.
• Disabled: No policy is loaded and no labels are maintained. Files created while disabled are unlabelled, so re-enabling requires a full filesystem relabel (touch /.autorelabel and reboot). On recent kernels and distributions (RHEL 9, current Fedora) SELINUX=disabled in /etc/selinux/config no longer turns SELinux off; the kernel must be booted with selinux=0 on its command line instead.
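The mode checks above can be done without trusting the getenforce binary by reading the kernel's own selinuxfs interface, and the persistent setting can be edited safely if the value is validated first. The following is an added example, not code from the page or from the SELinux project; the file paths are parameters so the functions can be exercised against temporary files, and the config file used for testing is constructed.

```shell
#!/bin/sh
# Added example (not part of the page or of the SELinux project): read the
# running mode straight from selinuxfs instead of shelling out to
# getenforce, and inspect or change the persistent setting in a file of
# the /etc/selinux/config format. Paths are parameters so the functions
# can be tested against temporary files.

# Running mode. The kernel exposes it in selinuxfs (normally mounted at
# /sys/fs/selinux): "enforce" reads 1 for enforcing, 0 for permissive.
# If selinuxfs is absent the kernel is running without SELinux, which is
# what "disabled" means at runtime. Inside a container selinuxfs is
# usually not mounted, so this reports disabled even on an enforcing host.
selinux_runtime_mode() {
    fs="${1:-/sys/fs/selinux}"
    if [ -r "$fs/enforce" ]; then
        case "$(cat "$fs/enforce")" in
            1) echo enforcing ;;
            0) echo permissive ;;
            *) echo unknown ;;
        esac
    else
        echo disabled
    fi
}

# Mode that will apply after the next boot, from the SELINUX= line
# (SELINUXTYPE= is a different key and is not matched). If the key
# appears more than once, the last occurrence is reported.
selinux_configured_mode() {
    cfg="${1:-/etc/selinux/config}"
    [ -r "$cfg" ] || return 1
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' "$cfg" | tail -n 1
}

# Rewrite (or append) the SELINUX= line. Only the three recognised values
# are accepted. The file is rewritten through a temporary copy because
# "sed -i" is not portable; cp -p keeps mode and ownership on the copy.
# Going from disabled to enforcing also needs a filesystem relabel
# (touch /.autorelabel before rebooting), because files created while
# SELinux was off carry no labels.
set_selinux_configured_mode() {
    cfg="$1"; mode="$2"
    case "$mode" in
        enforcing|permissive|disabled) ;;
        *) echo "refusing unknown mode: $mode" >&2; return 2 ;;
    esac
    if grep -q '^[[:space:]]*SELINUX=' "$cfg"; then
        cp -p "$cfg" "$cfg.tmp" &&
        sed "s/^[[:space:]]*SELINUX=.*/SELINUX=$mode/" "$cfg" > "$cfg.tmp" &&
        mv "$cfg.tmp" "$cfg"
    else
        printf 'SELINUX=%s\n' "$mode" >> "$cfg"
    fi
}

# Stand-alone run: report both values for this host.
printf 'runtime:    %s\n' "$(selinux_runtime_mode)"
printf 'configured: %s\n' "$(selinux_configured_mode || echo unknown)"
```

A mismatch between the two reports (for example runtime permissive, configured enforcing) is exactly the state a setenforce 0 left behind and is worth alerting on from a configuration-compliance check.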
SELinux Label Structure
A typical SELinux label (security context) has the form user:role:type:level, for example system_u:object_r:httpd_sys_content_t:s0 on a file served by Apache, or unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 on a logged-in user's shell. It can be inspected with the -Z option of ls, ps and id.
• User: The SELinux user identity (system_u, unconfined_u, staff_u, ...), distinct from Linux accounts; Linux logins are mapped to SELinux users, and the mapping is managed with semanage login.
• Role: Part of SELinux's role-based access control. A role defines the set of types (domains) a process is allowed to enter, so it constrains which domains are reachable rather than listing actions directly. Objects carry the placeholder role object_r.
• Type: The field nearly every policy rule keys on; for a process the type is also called its domain. Type enforcement rules of the form allow source_type target_type:class { permissions } make up the bulk of the policy, which is why the type is the most important part of the label.
• Level: Optional sensitivity and category set for multi-level security (MLS) or multi-category security (MCS), written as a single level (s0) or a range (s0-s0:c0.c1023). MCS categories are what container and virtual-machine isolation use to keep instances of the same domain apart. Because the level can contain colons of its own, tools that split a label must split on the first three colons only.
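The access check described under "How SELinux Works" shows up in practice as AVC records in the audit log, and reading them means pulling the type out of the source and target contexts. The following added example (not code from the page or from the SELinux project) splits a context into its four fields, handling the MLS range that itself contains colons, and summarises AVC records as "source type -> target type:class { permissions }" together with whether the access was really blocked or only logged because the system was permissive. The audit lines embedded at the end are constructed to match the real record format; they were not captured from a system.

```shell
#!/bin/sh
# Added example (not part of the page or of the SELinux project): take a
# security context apart into its four fields and summarise AVC records
# from the audit log. The audit lines below are constructed samples.

# Split user:role:type:level, printing one field per line.
# The level may itself contain colons (an MLS range such as
# s0-s0:c0.c1023), so split on the first three colons only and keep
# whatever remains as the level. Returns 1 for fewer than three fields.
context_fields() {
    ctx="$1"
    case "$ctx" in *:*:*) ;; *) return 1 ;; esac
    cuser="${ctx%%:*}";  rest="${ctx#*:}"
    crole="${rest%%:*}"; rest="${rest#*:}"
    case "$rest" in
        *:*) ctype="${rest%%:*}"; clevel="${rest#*:}" ;;
        *)   ctype="$rest";       clevel="" ;;        # no MLS/MCS level
    esac
    printf '%s\n%s\n%s\n%s\n' "$cuser" "$crole" "$ctype" "$clevel"
}

# The type is what nearly every policy rule keys on; extract just that.
context_type() {
    context_fields "$1" | sed -n 3p
}

# Value of key=value in an audit record (values without spaces only,
# which holds for scontext, tcontext, tclass and permissive).
avc_field() {
    printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\([^[:space:]]*\).*/\1/p"
}

# Read audit records on stdin, ignore everything but AVC lines, and print
#   verdict source_type -> target_type:class { permissions } mode
# where mode says whether the access was really blocked (enforcing) or
# only logged (the record carries permissive=1).
avc_summarize() {
    while IFS= read -r line; do
        case "$line" in *"avc: "*) ;; *) continue ;; esac
        verdict=$(printf '%s\n' "$line" |
            sed -n 's/.*avc:[[:space:]]*\([a-z]*\)[[:space:]]*{.*/\1/p')
        perms=$(printf '%s\n' "$line" | sed -n 's/.*{\(.*\)}.*/\1/p' |
            sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
        stype=$(context_type "$(avc_field "$line" scontext)")
        ttype=$(context_type "$(avc_field "$line" tcontext)")
        tclass=$(avc_field "$line" tclass)
        case "$(avc_field "$line" permissive)" in
            1) mode=permissive ;;   # logged only; the operation went ahead
            0) mode=enforcing ;;    # the operation was blocked
            *) mode=unknown ;;      # older records lack the field
        esac
        printf '%s %s -> %s:%s { %s } %s\n' \
            "$verdict" "$stype" "$ttype" "$tclass" "$perms" "$mode"
    done
}

# Constructed sample records in the format auditd writes. The second one
# has a source context with an MCS range; the third is not an AVC record.
AVC_SAMPLE='type=AVC msg=audit(1700000000.123:456): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev="sda1" ino=123 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.456:457): avc:  denied  { name_connect } for  pid=1234 comm="httpd" dest=3306 scontext=system_u:system_r:httpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=1
type=SYSCALL msg=audit(1700000000.456:457): arch=c000003e syscall=42 success=yes exit=0'

# Stand-alone run over the samples. On a real host use instead:
#   ausearch -m AVC -ts recent | avc_summarize
printf '%s\n' "$AVC_SAMPLE" | avc_summarize
```

Each summary line maps directly onto the policy rule that would silence it (for the first sample, allow httpd_t user_home_t:file { read }), which is also how audit2allow derives its suggestions. Before adding such a rule, check whether a boolean (getsebool -a | grep httpd) or a relabel of the file is the intended fix; granting httpd_t read on user_home_t is usually the wrong answer.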
Benefits
• Enhanced Security: Limits the damage a compromised application or user can do by confining it to the domain's permitted accesses; a web server exploited through a vulnerability in its code still cannot read users' home directories or write outside the locations its domain is allowed to write.
• Policy Flexibility: Administrators can tailor behaviour with policy booleans, custom file-context rules and local policy modules to fit specific security requirements without editing the distribution's base policy.
• Protection Against Privilege Escalation: Root is not special to SELinux. A process running as root inside a confined domain is still limited to that domain's rules, so gaining uid 0 in a service does not by itself grant access to the rest of the system. This holds only for confined domains: interactive root shells under the targeted policy usually run unconfined, and a root user who can load policy or change the mode can of course remove the protection.