SELinux is an advanced security mechanism available for Linux-based systems. Think of it as one more guarding layer on top of regular user and group access rights in Linux. Since Fedora-based systems come with a sane default set of SELinux policies out of the box, we get this extra security for our servers almost for free.It’s true that many administrators ignore SELinux and argue that given the SELinux complexity, it’s not worth the trade-off. The thing is that SELinux can prevent a class of security vulnerabilities that Linux permissions simply cannot and provide an additional security layer in the spirit of defense-in-depth, a security concept advocating for more independent layers of protection.

Table of Contents


Targeted SELinux

User and Role Enforcement
Type Enforcement

File Contexts

SELinux Booleans

SELinux Modes

Troubleshooting SELinux

auditd logs
sealert and audit2allow

Writing Policy Files

Policy Rules
Custom Policy Modules


Buy for $50
Rated 36x five stars
Gumroad (as of Aug 3, 2023)
I am using some scripts I downloaded from Josef Strzibny's book that are setting up Ruby on Rails deployment and automatically installing a PostgreSQL server. I am also using Dokku, but I like the idea of controlling what is happening on the server.
Lucian Ghinda, Senior Ruby Developer