Usage
SELinux can potentially control which activities are allowed for each user, process and daemon, with very precise specifications. However, it is mostly used to confine daemons like database engines or web servers that have more clearly defined data access and activity rights. A confined daemon that becomes compromised is thus limited in the harm it can do. Ordinary user processes often run in the unconfined domain, not restricted by SELinux but still restricted by the classic Linux access rights.
See also: chcon, restorecon, restorecond, runcon, secon, fixfiles, setfiles, load policy, booleans, getsebool, setsebool, togglesebool setenforce, load policy setfiles, selinuxenabled, semodule, postfix-nochroot, check-selinux-installation, semodule package, checkmodule, selinux-config-enforcing, selinuxenabled, selinux-policy-upgrade ;
and also: security set boolean
Usage examples a.) to put SELinux into enforcing mode:
$ sudo setenforce 1b.) to query the SELinux status:
$ getenforceRead more about this topic: Security-Enhanced Linux
Famous quotes containing the word usage:
“Girls who put out are tramps. Girls who don’t are ladies. This is, however, a rather archaic usage of the word. Should one of you boys happen upon a girl who doesn’t put out, do not jump to the conclusion that you have found a lady. What you have probably found is a lesbian.”
—Fran Lebowitz (b. 1951)
“I am using it [the word ‘perceive’] here in such a way that to say of an object that it is perceived does not entail saying that it exists in any sense at all. And this is a perfectly correct and familiar usage of the word.”
—A.J. (Alfred Jules)
“...Often the accurate answer to a usage question begins, “It depends.” And what it depends on most often is where you are, who you are, who your listeners or readers are, and what your purpose in speaking or writing is.”
—Kenneth G. Wilson (b. 1923)