Chapter 1: Fundamental SELinux Concepts
Providing more security for Linux
Introducing Linux Security Modules (LSM)
Extending regular DAC with SELinux
Restricting root privileges
Reducing the impact of vulnerabilities
Labeling all resources and objects
Dissecting the SELinux context
Enforcing access through types
Granting domain access through roles
Limiting roles through users
Controlling information flow through sensitivities
Defining and distributing policies
Distributing policies through modules
Bundling modules in a policy store
Distinguishing between policies
Dealing with unknown permissions
Supporting unconfined domains
Limiting cross-user sharing
Incrementing policy versions
Chapter 2: Understanding SELinux Decisions and Logging
Switching SELinux on and off
Setting the global SELinux state
Switching to permissive or enforcing mode
Using kernel boot parameters
Disabling SELinux protections for a single service
Understanding SELinux-aware applications
SELinux logging and auditing
Configuring Linux auditing
Configuring the local system logger
Other SELinux-related event types
Getting help with denials
Troubleshooting with setroubleshoot
Sending emails when SELinux denials occur
Interacting with systemd-journal
Chapter 3: Managing User Logins
User-oriented SELinux contexts
Listing SELinux user mappings
Mapping logins to SELinux users
Customizing logins for services
Listing accessible domains
Defining allowed SELinux contexts
Validating contexts with getseuser
Switching roles with newrole
Managing role access through sudo
Reaching other domains using runcon
Switching to the system role
Assigning contexts through PAM
Prohibiting access during permissive mode
Polyinstantiating directories
Chapter 4: Using File Contexts and Process Domains
Introduction to SELinux file contexts
Getting context information
Interpreting SELinux context types
Keeping or ignoring contexts
Inheriting the default contexts
Querying transition rules
Temporarily changing file contexts
Placing categories on files and directories