In Security-Enhanced Linux (SELinux), an unconfined process is a process that runs in an unconfined domain. These domains, such as unconfined_t, initrc_t, or kernel_t, are the type part of a process's SELinux security context, and their policy imposes minimal restrictions on what the process can do.

Key Characteristics

While SELinux policy rules are technically still applied to unconfined domains, the policies are written to allow nearly all actions. This means the process is not meaningfully restricted by SELinux. For unconfined processes, traditional Linux Discretionary Access Control (DAC) rules (standard Unix file permissions and ownership) are the primary mechanism restricting access. SELinux does not add further limitations beyond DAC for these processes.

If an unconfined process is compromised, SELinux will not stop the attacker from accessing system resources and data the way it would for a confined process. The only protections are those provided by DAC.

Unconfined domains are often used for regular user processes (like shells and desktop applications), while network-facing daemons and critical services are meant to run in confined domains for better security.

Example

A process running in the unconfined_t domain (visible via ps -eZ or ls -Z) is considered unconfined. For instance, if the Apache HTTP Server (httpd) is run in an unconfined domain, it can access files and resources without SELinux interference, relying solely on DAC for security.
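An audit of the kind described above, as an added example that is not part of the original page: it reads ps -eZ output and reports processes whose domain is one of the three unconfined types the page names. The sample process table, the legacy-daemon name, and the "no controlling terminal means daemon" heuristic are constructed assumptions.

```shell
#!/bin/sh
# Domains the page names as unconfined; extend the list to match local policy.
UNCONFINED_TYPES="unconfined_t initrc_t kernel_t"

# Constructed sample in the column layout of `ps -eZ` (not captured from a real host).
sample_ps() {
cat <<'EOF'
LABEL                                                  PID TTY          TIME CMD
system_u:system_r:init_t:s0                              1 ?        00:00:01 systemd
system_u:system_r:kernel_t:s0                            2 ?        00:00:00 kthreadd
system_u:system_r:httpd_t:s0                           912 ?        00:00:00 httpd
system_u:system_r:initrc_t:s0                         1022 ?        00:00:00 legacy-daemon
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 1500 pts/0    00:00:00 bash
system_u:system_r:unconfined_t:s0                     1733 ?        00:00:03 httpd
EOF
}

# Read `ps -eZ` output on stdin; print "type pid tty cmd" for each process
# whose domain (third colon-separated field of the label) is unconfined.
# Only the first word of CMD is reported.
list_unconfined() {
    awk -v types="$UNCONFINED_TYPES" '
        BEGIN { n = split(types, t, " "); for (i = 1; i <= n; i++) want[t[i]] = 1 }
        NR == 1 && $1 == "LABEL" { next }      # skip the header row
        {
            split($1, ctx, ":")                 # user:role:type:level[:categories]
            if (ctx[3] in want) print ctx[3], $2, $3, $5
        }'
}

# Narrow to daemon-like processes: no controlling terminal, not a kernel thread.
# Heuristic (assumption): these are the services the page says should be confined.
list_unconfined_daemons() {
    list_unconfined | awk '$3 == "?" && $1 != "kernel_t" { print $1, $2, $4 }'
}

# On a live SELinux host: ps -eZ | list_unconfined_daemons
sample_ps | list_unconfined_daemons
```

In the sample, the httpd at PID 912 runs in httpd_t and is not reported, while the httpd at PID 1733 runs in unconfined_t and is.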