In this chapter
SELinux provides a form of role-based access control (RBAC) that builds upon type enforcement (TE). Roles are used to group domain types and to restrict relationships between domain types and users. Users in SELinux associate one or more roles with a Linux user. Using roles and users, the RBAC features allow for the efficient definition and management of the privileges ultimately granted to Linux users. |