The default context-based permissions scheme provided with CentOS and Red Hat Enterprise Linux; it is also available on other distributions
Supports auto labeling
SELinux contexts (labels):
Define resource access
When you list an object’s context, its fields are separated by colons.
User (SELinux users, not Linux system users)
Each Linux system user is mapped to one of these SELinux user values.
Different distributions provide different users, but common ones include:
unconfined_u: All users
user_u: Unprivileged users
sysadm_u: System administrators
root: Root user
Role: SELinux users are authorized to be in roles
Type:
For fine-grained access control.
It is a way of grouping objects together that have similar security requirements or characteristics.
The word type usually applies to files and directories, whereas a domain is just a type that applies to processes.
For example, ssh_t is the domain for the SSH process
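Added example (not part of the original notes): a small parser that splits a context into the user, role and type fields described above. It assumes the column layout of `ls -Z` and `ps -Z` output, a simplified identifier pattern, and an optional fourth MLS/MCS level field that may itself contain colons; the sample lines are constructed.

```python
import re
from typing import NamedTuple, Optional

# Simplified identifier pattern (an assumption, not the full policy grammar).
_ID = r"[A-Za-z_][\w.]*"
# user:role:type, then an optional level. The level may contain colons
# (e.g. "s0-s0:c0.c1023"), so a plain split(":") would cut it apart.
_CONTEXT_RE = re.compile(rf"({_ID}):({_ID}):({_ID})(?::(\S+))?")


class Context(NamedTuple):
    user: str             # SELinux user, not the Linux login name
    role: str
    type: str             # called a "domain" when the object is a process
    level: Optional[str]  # None when the label has no fourth field


def parse_context(label: str) -> Context:
    """Parse one context string into its fields."""
    m = _CONTEXT_RE.fullmatch(label.strip())
    if m is None:
        raise ValueError(f"not an SELinux context: {label!r}")
    return Context(*m.groups())


def find_context(line: str) -> Context:
    """Return the first column of a listing line that parses as a context."""
    for token in line.split():
        try:
            return parse_context(token)
        except ValueError:
            continue  # permissions, owners, PIDs and times are skipped
    raise ValueError(f"no context in line: {line!r}")


def describe(line: str, is_process: bool) -> str:
    ctx = find_context(line)
    kind = "domain" if is_process else "type"
    return f"user={ctx.user} role={ctx.role} {kind}={ctx.type} level={ctx.level}"


# Constructed sample lines in the shape of `ls -lZ` and `ps -eZ` output.
SAMPLE_LS_Z = "-rw-r--r--. 1 root root system_u:object_r:etc_t:s0 158 Jun 7 12:01 /etc/hosts"
SAMPLE_PS_Z = "system_u:system_r:sshd_t:s0-s0:c0.c1023 1042 ? 00:00:00 sshd"

if __name__ == "__main__":
    print(describe(SAMPLE_LS_Z, is_process=False))
    print(describe(SAMPLE_PS_Z, is_process=True))
```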
Modes:
Enforcing (1): SELinux is enabled and policies are enforced. This is the normal SELinux mode that protects the system.
Permissive (0): SELinux is enabled, but policies are not enforced. Actions that would have been blocked by SELinux are instead logged for further examination by the administrator.