selinux

This article explores the ideas behind SELinux and its basic architecture .

本文将探究SELinux背后的思想及其基本架构。

Next install the SELinux policy module development package

接下来安装SELinux策略模块开发包

Finally , put SELinux back into enforcing mode .

最后，把SELinux设置回强制模式。

If you are interested in that level of protection , SELinux can help .

如果您对这个级别的保护感兴趣，SELinux可以帮助您。

SELinux begins by controlling everything while using an impressive policy language to simplify policy management .

SELinux首先对所有东西实施控制，同时使用强大的策略语言简化策略的管理。

The configuration examples provided here should work whether or not you have enabled SELinux .

无论是否启用了SELinux，此处提供的配置示例都会有效。

The semanage user command creates a new SELinux user .

semanageuser命令将创建一个新SELinux用户。

But for simplicity , let 's fully rely on SELinux to enforce access control .

但是为了简单起见，让我们完全依赖SELinux来实施访问控制。

Note : The code examples discussed here use SELinux for all the access-control needs .

注：此处讨论的代码示例使用SELinux处理所有访问控制需求。

In this example , you are not using SELinux , so you must specify the user for the method .

在本例中没有使用SELinux，因此必须指定方法的用户。

Note that there are no inherent controls over SELinux user transitions .

注意，对SELinux用户转换没有任何固有控制。

This process is a bit complicated if your server or workstation has SELinux enabled .

如果您的服务器或工作站启用了SELinux，这个过程会有些复杂。

SELinux is by far the most well-known MAC system for Linux ( mandatory access control ) .

到目前为止，SELinux是针对Linux的最有名的MAC系统（强制访问控制）。

As the screen describes , SELinux provides more security options than what is available with regular Linux .

正如屏幕上说明的一样，SELinux提供了比普通Linux更多的安全选项。

SELinux is one of the most comprehensive security frameworks available today , but it 's certainly not the only one .

SELinux是目前最全面的安全框架之一，但它不是惟一的。

The interface is as long as it is due to the fine-grained nature of the existing SELinux reference policy .

该接口很长，这是由现有SELinux引用策略的细粒度特性决定的。

SELinux is configured using a modular policy language which allows an installed policy to be easily updated by users .

SELinux使用模块化策略语言配置，因此用户可以轻松更新已安装的策略。

The login process , however , uses the Linux username to choose an SELinux user for your security context .

但是，登录进程将使用Linux用户名来为安全上下文选择SELinux用户。

Note that without a userid , the id command will also display SELinux context as well as basic id information .

请注意，没有用户id，id命令也会显示SELinux上下文和基本id信息。

The next section explores the SELinux implementation and how security enforcement was transparently added to the Linux kernel .

下一节将探讨SELinux实现，以及如何将安全增强透明地添加到Linux内核中。

But the SELinux checks can do many things that are hard to do with traditional UNIX-like permissions .

不过，SELinux检查可以做很多对传统的类UNIX权限来说难以完成的事情。

In the early days of SELinux , while it was still a set of patches , it provided its own security framework .

在早期的SELinux中，它还是一个补丁集，它提供了自己的安全性框架。

AppArmor was originally developed because SELinux was viewed as too complex for typical users to manage .

AppArmor的开发初衷是因为人们认为SELinux太过复杂，不适合普通用户管理。

While your Linux username and SELinux username may be made identical , they are not by themselves related .

虽然Linux用户名和SELinux用户名可能相同，但是它们本身并没有联系。

In this case , the hooks are defined in the loadable kernel module for SELinux .

在本例中，这些钩子在可载入的SELinux内核模块中定义。

For SELinux , you should fine-tune and then push a container interface into the upstream reference policy .

对于SELinux，应该对其进行调优，然后将一个container接口放置到上游引用策略。

The semanage login commands tie Linux usernames to SELinux users .

semanagelogin命令将把Linux用户名与SELinux用户绑定在一起。

If you 're using a Web hosting company for your server , SELinux may be disabled because it would probably generate too many support calls .

如果您使用的是一个Web主机公司的服务器，SELinux可能被禁用了，因为启用SELinux可能会有太多的支持呼叫。

With SELinux , you could easily make a Web server that could only run specific programs and could only write to files with specific security contexts .

使用SELinux，您可以方便地创建一个只能运行特定程序并且只能在特定的上下文中写文件的Web服务器。

The Access Vector Cache ( AVC ) is a cache of previous SELinux decisions ( to increase the process 's performance ) .

访问向量缓存（AccessVectorCache，AVC）缓存了之前的SELinux决策（提高进程的性能）。