SELinux FAQ

From FedoraProject

(Difference between revisions)
Jump to: navigation, search
Line 1: Line 1:
 
= Frequently Asked Questions =
 
= Frequently Asked Questions =
 +
 +
{{Admon/note | The current draft is the wiki is work in progress. Do not rely on it currently. Older versions of the FAQ is available in the references section .}}
  
 
== What is SELinux? ==
 
== What is SELinux? ==
  
SELinux is a security feature in the Linux kernel that provides fine grained access control than traditional file permissions. A centralized policy determines which software can access what resources. For example, network services can be confined to a particular port, Apache web service is restricted to be able to connect to only 80 by default.
+
SELinux is a security feature in the Linux kernel that provides more fine grained access control compared to traditional file permissions. A centralized policy determines which software can access what resources. For example, network services can be confined to a particular port, Apache web service is restricted to be able to connect to only 80 by default.
  
 
== Is it a firewall? ==
 
== Is it a firewall? ==
Line 13: Line 15:
 
Yes. SELinux policies in Fedora were initially focused on network facing services. However several dozens of desktop software including Firefox, HAL, D-Bus etc are protected by default in current releases of Fedora.
 
Yes. SELinux policies in Fedora were initially focused on network facing services. However several dozens of desktop software including Firefox, HAL, D-Bus etc are protected by default in current releases of Fedora.
  
 
+
== What is the performance impact of SELinux? ==
  
 
== Previous FAQs ==
 
== Previous FAQs ==

Revision as of 03:22, 2 July 2008

Contents

Frequently Asked Questions

Note.png
The current draft is the wiki is work in progress. Do not rely on it currently. Older versions of the FAQ is available in the references section .

What is SELinux?

SELinux is a security feature in the Linux kernel that provides more fine grained access control compared to traditional file permissions. A centralized policy determines which software can access what resources. For example, network services can be confined to a particular port, Apache web service is restricted to be able to connect to only 80 by default.

Is it a firewall?

Though often confused with one, SELinux is not a firewall. A firewall controls the flow of traffic to and from a computer to the network. SELinux can confine access of programs within a computer and hence can be conceptually thought of a internal firewall between programs.

Is it useful on a desktop?

Yes. SELinux policies in Fedora were initially focused on network facing services. However several dozens of desktop software including Firefox, HAL, D-Bus etc are protected by default in current releases of Fedora.

What is the performance impact of SELinux?

Previous FAQs