What is SE Linux
Simply SE Linux is a security layer that lies in between user and Linux kernel.For an example let's say that, you are going to access web site that runs on a SE Linux enabled server. First you need a web browser then you type the URL on the address bar, then it's search the DNS, .... and finally it will find the server ip. Once your request comes to the server it start some process for you with a unique id now you have some kind of connection to the server. From this step onward the server deal with your request. Without SE Linux the process runs on DAC (Discretionary Access Control ) mode. This means the user have the normal Linux file permission. In other words the user (who sent the request) log in as apache (default user for apache server ). This is not too bad because we can restrict user from editing files in server, but in most case it is not possible. Because we to write logs, upload files and many more to write to server, so in typical web server user apache have full permission to server root. What if some one upload a script to your server :-/ . But with SE Linux we can over come these kind of risks.
In SE Linux your request doesn't go through the server as in normal Linux. First it checks the DAC then it pass the request to MAC ( Mandatory Access Control ) layer. On the MAC layer it creates a context according to predefined policies. Now we have the full control over request (process).
