SELinux provides a strong security measure that can make an SELinux-enabled operating system a type of “fortress”: the so-called “confined users” [1] [2] [3], which add security and isolation capabilities that are in several respects comparable to containers but without many of their restrictions in GUI use cases (this topic is focused on desktop use cases, not server, infra, and such). By default, SELinux does not enforce much within user accounts but only around them. But in graphical desktop...
A bit dated experience, but I wanted to make a ‘simple’ web app (nginx/fpm/psql) SELinux compatible in 2014.
After reading the docs, it seemed I needed three layers of configuration just to make a policy. For two ports and two folders, that seemed way too complicated and absolutely not worth it.