In this chapter
7.1 Closer Look at the Access Decision Algorithm
7.2 Constrain Statement
7.3 Label Transition Constraints
7.4 Summary
7.5 Exercises
page 150page 152page 157page 160page 161
page 150
page 152
page 157
page 160
page 161
SELinux provides a constraint mechanism to further restrict the access allowed by the policy regardless of the policy allow rules. In this chapter, we explore the constraint feature in SELinux.