Hardening domain

Mandatory Access Control

Discretionary permissions stop at the file owner; mandatory access control goes further. This domain keeps SELinux enforcing (or AppArmor active), reads denials, and writes policy to confine services to exactly what they need.

SELinux & AppArmor: Confining Linux with MAC
Add Mandatory Access Control to Linux with SELinux and AppArmor. Keep SELinux enforcing, read denials, and fix policy instead of disabling it.

All posts in this series

SELinux & AppArmor: Confining Linux with MAC

Add Mandatory Access Control to Linux with SELinux and AppArmor. Keep SELinux enforcing, read denials, and fix policy instead of disabling it.

4/28/2026

selinuxapparmormacconfinement