ii

Introduction to the Red Hat SELinux Guide

SELinux is implemented in the Linux kernel using the LSM (Linux Security Modules) framework.

This is only the latest implementation of an ongoing project, as detailed in Appendix A Brief Back 

ground and History of SELinux. To support fine grained access control, SELinux implements two

technologies: Type Enforcement  (TE) and a kind of role based access control (RBAC), which are

discussed in Chapter 1 SELinux Architectural Overview.

Type Enforcement involves defining a type for every subject, that is, process, and object on the sys 

tem. These types are defined by the SELinux policy and are contained in security labels on the files

themselves, stored in the extended attributes (xattrs) of the file. When a type is associated with a pro 

cesses, the type is called a domain, as in, "

httpd

is in the domain of

httpd_t

." This is a terminology

difference leftover from other models when domains and types were handled separately.

All interactions between subjects and objects are disallowed by default on an SELinux system. The

policy specifically allows certain operations. To know what to allow, TE uses a matrix of domains

and object types derived from the policy. The matrix is derived from the policy rules. For exam 

ple,

allow httpd_t net_conf_t:file { read getattr lock ioctl };

gives the domain

associated with

httpd

the permissions to read data out of specific network configuration files such as

/etc/resolv.conf

. The matrix clearly defines all the interactions of processes and the targets of

their operations.

Because of this design, SELinux can implement very granular access controls. For Red Hat Enterprise

Linux 4 the policy has been designed to restrict only a specific list of daemons. All other processes

run in an unconfined state. This policy is designed to help integrate SELinux into your development

and production environment. It is possible to have a much more strict policy, which comes with an

increase in maintenance complexity.

2. Prerequisites for This Guide

The technical skills required for this guide are not very extensive. The most important skill to have is

an ability to learn technical theories and put them into practice. It helps if you come into this guide with

an idea of what you want to do, such as administrating a set of common services, making user content

from

/home/

served via Apache HTTP, manipulating policy to get a custom PHP Web application

running, or writing a policy from to enable a custom application to be protected by SELinux. The

following is helpful to have as you read through this guide:

Strong working understanding of Linux, especially Red Hat Enterprise Linux.

If you are going to be administrating services, manipulating or analyzing policy, junior  to mid 

level system administration skills and experience is necessary, such as being a Red Hat Certified

Technician (RHCT) or Red Hat Certified Engineer (RHCE)..

To work with SELinux at that level, you must have the following:

An understanding of traditional Linux/UNIX security.

An understanding of how a Linux/UNIX system operates on a lower level, such as how the kernel

has system calls for various operations (open, close, read, write, ioctl, poll, etc.) An understand 

ing of programming and system theory is useful in writing policy.

A familiarity with the m4 macro language, which is helpful in understanding some parts of the

SELinux policy.

Read many of the NSA papers, listed in Chapter 9 References.

Administrator privileges on the system you have Red Hat Enterprise Linux installed on is neces 

sary to perform many of the operations in this guide. However, there is plenty of useful informa 

tion for end users.