I've found SELinux an interesting but somehow never worked out how it works. Most of my experience is unexplained permission denied errors. In the comments there is mention of a program that will tell you when something was denied by SELinux, which is a huge step forward. I have got as far as labels being strings and files and processes have them, but how exactly that leads to the controlling of permissions (the magic ingredient) still eludes me. From recollection I don't think LWN has ever done an SELinux primer, for example. I've found an 'SELinux for Dummies' and am quite a few articles in, but the magic ingredient has not yet been revealed... At this point I'm guessing a database of some sort. I'm hoping at some point some pseudocode will appear that describes exactly how it works.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds