Some words about SELinux
What SELinux is actually doing
Loaded in the kernel, the Linux Security Module performs three ongoing tasks, based upon the rules loaded from user space (i.e. the Policy):
- Grant or deny access permission to processes requesting to perform an action on objects.
- Grant or deny permission for context changes of objects and processes.
- Decide what context to give to new objects and processes at their creation.
SELinux permissions are given on top of classic UNIX permissions. An action will take place only if both permissions are granted.
Enforcing vs. permissive mode
- Enforcing mode – The kernel refuses any action for which SELinux denies permission
- Permissive mode – SELinux only writes denial log messages, but the kernel ignores its denials (only classic UNIX permissions take effect)
- By default, any sane system will boot in enforcing mode
However, some applications seem to have no “default policy”, or the “default” one does not work properly or at all:
1. First case: Nagios, which does not work at all with its “default policy”
2. Second case: qmailadmin, which has NO default policy
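To tell whether SELinux actually blocked an application or only logged a denial (the enforcing vs. permissive distinction above), the AVC records in the audit log can be grouped by source domain. The following is an added example, not part of the original page; the log lines, type names and paths are constructed, and it assumes a kernel that writes the `permissive=` field into AVC records.

```python
import re
from collections import defaultdict

# Constructed sample audit records (not from a real system); the type
# names and paths are illustrative assumptions.
SAMPLE_LOG = '''\
type=AVC msg=audit(1700000000.101:201): avc:  denied  { read write } for  pid=2101 comm="nagios" name="nagios.cmd" dev="dm-0" ino=4711 scontext=system_u:system_r:nagios_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=fifo_file permissive=0
type=AVC msg=audit(1700000005.202:202): avc:  denied  { getattr } for  pid=2101 comm="nagios" path="/var/spool/nagios/cmd" dev="dm-0" ino=4710 scontext=system_u:system_r:nagios_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1700000100.303:310): avc:  denied  { execute } for  pid=3300 comm="httpd" name="qmailadmin" dev="dm-0" ino=9001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:usr_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1700000100.303:310): arch=c000003e syscall=59 success=yes exit=0 comm="httpd"
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict describing one AVC denial, or None for any other record."""
    m = AVC_RE.search(line) if line.startswith('type=AVC') else None
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    if not {'scontext', 'tcontext'} <= fields.keys():
        return None
    return {
        'perms': m.group('perms').split(),
        # A context is user:role:type:level; policy rules are written on the type.
        'source_type': fields['scontext'].split(':')[2],
        'target_type': fields['tcontext'].split(':')[2],
        'tclass': fields.get('tclass'),
        # permissive=0: the kernel refused the action (enforcing).
        # permissive=1: logged only, the action went ahead. Absent: unknown (None).
        'blocked': {'0': True, '1': False}.get(fields.get('permissive')),
    }

def summarize(log_text):
    """Map (source type, blocked) to the set of 'class:perm -> target type' denied."""
    out = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        for perm in (rec['perms'] if rec else []):
            out[(rec['source_type'], rec['blocked'])].add(
                f"{rec['tclass']}:{perm} -> {rec['target_type']}")
    return dict(out)

if __name__ == '__main__':
    labels = {True: 'blocked', False: 'logged only (permissive)', None: 'unknown'}
    for (domain, blocked), items in sorted(summarize(SAMPLE_LOG).items(), key=str):
        print(f'{domain}: {labels[blocked]}: {sorted(items)}')
```
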