All About SELinux
What Is SELinux?
Your web browser asks you if you want to download and save a certain file into a disk, your gallery app on android asks you to give permission to access your storage. These are some examples of policy control of SELinux. By default, there are different policies that ship with your respective OS. These policies can be edited if you want, mostly differ from OS to OS. You can change these policies at your will if you are an advanced user.
The first one is Enforcing. This status means that SELinux is implemented and all policies are enforced. This is a secure state as an app, service can’t access your resource without your intervention as SELinux will prevent it unless there is a rule in the policy present in SELinux. Hence, System is in the most secure state.
The second one is Permissive. This status indicates that SELinux is some partial active. It will allow access to resource if there is a policy, but will also allow access even if there isn’t rule. This status is considered as insecure and is only used when a system/app/service is in early stages as it can lead to system instability.
The main difference between Enforcing and Permissive is that Enforcing logs as well as enforces policies but Permissive only logs but doesn’t enforce policies.
Disable SELinux status means that it’s inactive and system is completely insecure. Neither logging nor policies are enforced.
However, it is still Linux and not that insecure as you will assume. There are thousands of developers always working on Linux Kernel which ensures that it is safe and secure from different kinds of attacks, bugs.
Also in case, your OS doesn’t have SELinux installed by default you can install them manually by using this command.