9
What can't SELinux protect against?
●
Kernel vulnerabilities, in general.
●
Although it may block exploitation of specific
vulnerabilities. We'll see an example later.
●
Other kernel hardening measures (e.g. grsecurity)
can be used in combination with SELinux.
●
Anything allowed by the security policy.
●
Good policy is important.
●
Application architecture matters.
–
Decomposition, least privilege.