SELinux FAQ
From FedoraProject
m (1 revision(s)) |
|||
| Line 1: | Line 1: | ||
= Frequently Asked Questions = | = Frequently Asked Questions = | ||
| + | |||
| + | == What is SELinux? == | ||
| + | |||
| + | SELinux is a security feature in the Linux kernel that provides fine grained access control than traditional file permissions. A centralized policy determines which software can access what resources. For example, network services can be confined to a particular port, Apache web service is restricted to be able to connect to only 80 by default. | ||
| + | |||
| + | == Is it a firewall? == | ||
| + | |||
| + | Though often confused with one, SELinux is not a firewall. A firewall controls the flow of traffic to and from a computer to the network. SELinux can confine access of programs within a computer and hence can be conceptually thought of a internal firewall between programs. | ||
| + | |||
| + | == Is it useful on a desktop? == | ||
| + | |||
| + | Yes. SELinux policies in Fedora were initially focused on network facing services. However several dozens of desktop software including Firefox, HAL, D-Bus etc are protected by default in current releases of Fedora. | ||
| + | |||
| + | |||
| + | |||
== Previous FAQs == | == Previous FAQs == | ||
* [http://docs.fedoraproject.org/selinux-faq-fc5 Fedora Core 5 FAQ ] | * [http://docs.fedoraproject.org/selinux-faq-fc5 Fedora Core 5 FAQ ] | ||
Revision as of 03:17, 2 July 2008
Contents |
Frequently Asked Questions
What is SELinux?
SELinux is a security feature in the Linux kernel that provides fine grained access control than traditional file permissions. A centralized policy determines which software can access what resources. For example, network services can be confined to a particular port, Apache web service is restricted to be able to connect to only 80 by default.
Is it a firewall?
Though often confused with one, SELinux is not a firewall. A firewall controls the flow of traffic to and from a computer to the network. SELinux can confine access of programs within a computer and hence can be conceptually thought of a internal firewall between programs.
Is it useful on a desktop?
Yes. SELinux policies in Fedora were initially focused on network facing services. However several dozens of desktop software including Firefox, HAL, D-Bus etc are protected by default in current releases of Fedora.
