SELinux Game: Learn SELinux By Doing

SELinux Rules and Modules

The primary security mechanism of SELinux is type enforcement, meaning that rules are specified using the type of the process and object:

allow user_t user_home_t:file { create read write unlink };

This rule states that the user_t type is allowed to create, read, write, and delete files with the user_home_t type.
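To show how such a rule is evaluated, here is a simplified model of type enforcement, added as an illustration and not taken from the SELinux Game or from SELinux itself. It parses only the simple `allow source target:class perms;` form shown above (no attributes, type sets or `self`); the second sample rule and the function names are constructed for the example.

```python
import re
from collections import defaultdict

# Matches the core TE rule form: allow <source> <target>:<class> <perm | { perms }>;
RULE_RE = re.compile(
    r"^\s*allow\s+(\w+)\s+(\w+)\s*:\s*(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;\s*$"
)

def parse_allow(line):
    """Return (source_type, target_type, object_class, frozenset(perms))."""
    m = RULE_RE.match(line)
    if not m:
        raise ValueError(f"not a simple allow rule: {line!r}")
    source, target, cls, braced, single = m.groups()
    perms = frozenset(braced.split()) if braced is not None else frozenset([single])
    if not perms:
        raise ValueError(f"empty permission set: {line!r}")
    return source, target, cls, perms

def load_rules(text):
    """Build an access table; permissions of rules with the same key are unioned."""
    table = defaultdict(set)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            source, target, cls, perms = parse_allow(line)
            table[(source, target, cls)] |= perms
    return dict(table)

def is_allowed(table, source, target, cls, perm):
    """Type enforcement is default-deny: no matching rule means no access."""
    return perm in table.get((source, target, cls), set())

# Constructed sample: the page's rule plus one hypothetical rule.
SAMPLE_RULES = """
allow user_t user_home_t:file { create read write unlink };
allow user_t bin_t:file execute;   # hypothetical, for illustration only
"""

if __name__ == "__main__":
    table = load_rules(SAMPLE_RULES)
    for request in [
        ("user_t", "user_home_t", "file", "write"),    # listed permission
        ("user_t", "user_home_t", "file", "execute"),  # permission not listed
        ("user_t", "user_home_t", "dir", "write"),     # different object class
        ("httpd_t", "user_home_t", "file", "read"),    # different source type
    ]:
        print(request, "allowed" if is_allowed(table, *request) else "denied")
```

Only the first request is allowed: a request is granted only when the source type, target type, object class and permission all match a rule.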

Policies

A group of rules together makes a module, which collectively allows all of the permissions a given application needs. List all of the installed policies with the semodule -l command.

Tools

semodule can list the installed policies with the semodule -l command.

Try it!

Explore these commands using the tutorial Vagrant box. Start the environment using:
vagrant up tutorial
vagrant ssh tutorial
If you don't have the command, visit the getting started guide.

More Tutorials

After this one, the following tutorials are recommended:

Portions of this page's content are copied from this page for non-commercial, educational purposes.