LX0-104 · Question #383
SELinux is a Linux feature that:
The correct answer is C. enforces Mandatory Access Control policies that can restrict user space programs and system servers. SELinux is a security enhancement for Linux that implements Mandatory Access Control (MAC) policies, enforcing fine-grained restrictions on processes and system resources.
Question
Options
- Amonitors system file access by unprivileged users and warns them when they are trying to gain access
- Bprovides only Mandatory Access Control policies. Additional access control models such as Rolebased
- Cenforces Mandatory Access Control policies that can restrict user space programs and system servers
- Densures that system files referenced in the Mandatory Access Control policies are not modified and alerts
How the community answered
(44 responses)- A2% (1)
- C95% (42)
- D2% (1)
Why each option
SELinux is a security enhancement for Linux that implements Mandatory Access Control (MAC) policies, enforcing fine-grained restrictions on processes and system resources.
While SELinux does monitor access, its primary function is to enforce policies and prevent unauthorized access, not merely to warn users about attempts.
SELinux is designed as a flexible MAC framework that supports various access control models, including Role-Based Access Control (RBAC) and Type Enforcement (TE), not solely a single form of MAC.
SELinux (Security-Enhanced Linux) is a kernel security module that enforces Mandatory Access Control (MAC) policies, which rigorously define and restrict what user-space programs and system services can access and do, even if they are compromised. This provides a robust layer of security beyond traditional Discretionary Access Control.
SELinux enforces policies on access to files and other resources; its direct function is to prevent unauthorized actions based on its policy rules, rather than solely ensuring files are not modified and alerting, which is more typical of file integrity monitoring.
Concept tested: SELinux function (Mandatory Access Control)
Source: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/using_selinux/what-is-selinux_using-selinux
Topics
Community Discussion
No community discussion yet for this question.