SELinux Coloring Book

Dan Walsh
August 3, 2020
SELinux Coloring Book


OpenShift for Developers Book Cover

Learn the basics of SELinux, including type enforcement, Multi-Category Security (MCS) Enforcement, and Multi-Level Security (MLS) Enforcement, with the help of some friendly cats and dogs!


We've typed the dog process and cat process, but what happens if you have multiple dog processes: Fido and Spot? You want to stop Fido from eating Spot's dog_chow.  One solution would be to create lots of new types, like Fido_dog and Fido_dog_chow. But, this will quickly become unruly because all dogs have pretty much the same permissions. To handle this we developed a new form of enforcement, which we call Multi Category Security (MCS). In MCS, we add another section of the label which we can apply to the dog process and to the dog_chow food. Now we label the dog process as dog:random1 (Fido) and dog:random2 (Spot).

Related Resources