First, the Unix permissions are checked. If they allow the operation, SEL checks it and either permits it or denies...
it based on the predefined roles that you have configured.
Let's go back to the purpose of SEL. It adds mandatory access controls (MAC) to Linux. It is designed for preventing bad programs from tampering with your data and comprising other security controls you might have on your system. These bad programs include both malicious applications and badly written code.
At the same time, SEL helps minimize the damage that can be done as the result of an intrusion. The trusted operating systems (referred to in Is SEL trustworthy?)(particularly ones that are labeled C2) certainly have a form of access controls, but were not really mainstream (not mandatory, accept for B1 and higher) and also offered a limited Mandatory Access Control (MAC) model.
SEL provides a very flexible and configurable MAC to Linux. It can help you enforce critical processing on your data and also to enforce various legal restrictions, including disclosure of sensitive data. If you are a part of an organization that is concerned about securing your data, it is incumbent upon you to determine how deploying SEL can help secure your environment. If you are mandated by government and/or other regulalatory agencies to secure your data, the importance of implementing SEL becomes that much greater.
Dig Deeper on Linux system security best practices
Related Q&A from Kenneth Milberg
Unix-to-Linux migration expert Ken Milberg describes how virtualization, support, clustering and more fit into the migration of an IT infrastructure ...continue reading
A reader new to Linux wonders about which distribution is recommended for installing Nagios and what Nahant and Tikanga mean.continue reading
Documentation for Red Hat Enterprise Linux 5 covering checking system performance, tuning, kernel configuration and extending the file system exists ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.