10

Implementing Mandatory Access Control with SELinux and AppArmor

As we saw in previous chapters, Discretionary Access Control (DAC) allows users to control who can access their own files and directories. But what if your company needs to have more administrative control over who accesses what? For this, we need some sort of Mandatory Access Control (MAC).

The best way I know to explain the difference between DAC and MAC is to hearken back to my Navy days. I was riding submarines at the time, and I had to have a Top Secret clearance to do my job. With DAC, I had the physical ability to take one of my Top Secret books to the mess decks, and hand it to a cook who didn’t have that level of clearance. With MAC, there were rules that prevented me ...
