SELinux FAQ

From FedoraProject

Revision as of 03:22, 2 July 2008 by Sundaram (Talk | contribs)

Jump to: navigation, search

Contents

Frequently Asked Questions

Note.png
The current draft is the wiki is work in progress. Do not rely on it currently. Older versions of the FAQ is available in the references section .

What is SELinux?

SELinux is a security feature in the Linux kernel that provides more fine grained access control compared to traditional file permissions. A centralized policy determines which software can access what resources. For example, network services can be confined to a particular port, Apache web service is restricted to be able to connect to only 80 by default.

Is it a firewall?

Though often confused with one, SELinux is not a firewall. A firewall controls the flow of traffic to and from a computer to the network. SELinux can confine access of programs within a computer and hence can be conceptually thought of a internal firewall between programs.

Is it useful on a desktop?

Yes. SELinux policies in Fedora were initially focused on network facing services. However several dozens of desktop software including Firefox, HAL, D-Bus etc are protected by default in current releases of Fedora.

What is the performance impact of SELinux?

Previous FAQs