SELinux Policies

Some words about SELinux

What SELinux is actually doing

Loaded in the kernel, the Linux Security Module performs three ongoing tasks, based upon the rules loaded from user space (i.e. the Policy):

  • Grant or deny access permission to processes requesting to perform actions on objects.
  • Grant or deny permission for context changes of objects and processes.
  • Decide what context to give to new objects and processes at their creation.

SELinux permissions are given on top of classic UNIX permissions. An action will take place only if both permissions are granted.

Enforcing vs. permissive mode

  • Enforcing mode – The kernel refuses any action for which SELinux denies permission
  • Permissive mode – SELinux only writes denial log messages, but the kernel ignores its denials (only classic UNIX permissions take effect)
  • By default, any sane system will boot in enforcing mode

However, some applications seem to have no “default policy”, or the “default” one does not work properly, or at all:

1. First case: Nagios, which does not work at all with its default policy

2. Second case: qmailadmin, which has no default policy
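
As an added example (not part of the original post), the following Python code reads the denial log messages that SELinux writes in either mode, groups them by source type, target type and object class, and lists the allow rules a policy would need. The log lines are constructed samples with illustrative types, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed audit.log lines (not from a real system); the types are illustrative.
SAMPLE_LOG = """\
type=AVC msg=audit(1700000000.101:410): avc:  denied  { read open } for  pid=2101 comm="nagios" path="/var/spool/nagios/status.dat" dev="dm-0" ino=7001 scontext=system_u:system_r:nagios_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000001.202:411): avc:  denied  { getattr } for  pid=2101 comm="nagios" path="/var/spool/nagios/status.dat" dev="dm-0" ino=7001 scontext=system_u:system_r:nagios_t:s0 tcontext=system_u:object_r:var_spool_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1700000001.202:411): arch=c000003e syscall=4 success=yes exit=0
type=AVC msg=audit(1700000002.303:412): avc:  denied  { name_connect } for  pid=2230 comm="qmailadmin" dest=25 scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:object_r:smtp_port_t:s0 tclass=tcp_socket permissive=0
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
    r'(?:\s+permissive=(?P<permissive>[01]))?'
)

def ctx_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def parse_denials(log_text):
    """Group AVC denials by (source type, target type, object class)."""
    rules = defaultdict(lambda: {"perms": set(), "blocked": False})
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial record
        key = (ctx_type(m["scon"]), ctx_type(m["tcon"]), m["tclass"])
        rules[key]["perms"].update(m["perms"].split())
        # permissive=0: the kernel refused the action (enforcing mode).
        # permissive=1: the denial was only logged. Older kernels omit the field.
        if m["permissive"] == "0":
            rules[key]["blocked"] = True
    return rules

def candidate_rules(rules):
    """Render each group as the allow rule that would cover its denials."""
    out = []
    for (src, tgt, cls), info in sorted(rules.items()):
        perms = " ".join(sorted(info["perms"]))
        out.append(f"allow {src} {tgt}:{cls} {{ {perms} }};")
    return out

if __name__ == "__main__":
    print("\n".join(candidate_rules(parse_denials(SAMPLE_LOG))))
```

Review each candidate rule before adding it to a policy module: a denial can also mean that a file carries the wrong label, in which case relabeling is the fix and a new allow rule would only widen access.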
