Rootconf 2017

On service reliability


Living with SELinux

Submitted by Toshaan Bharvani (@toshywoshy) on Tuesday, 28 February 2017

Section: Full talk of 40 mins duration Technical level: Intermediate

View proposal in schedule


Security Enhanced Linux, is still disabled in many cases due to fact that most people do not take the time to understand how to work with SELinux. While in it’s current state SELinux has become very easy to manage and increases security on the overall system and most applications. The segregation of compartments increases the overall security impact and changes the way we can secure a system. In current versions of Enterprise Linux most common applications are predefined in SELinux policies and can be adjusted, by using the right booleans, however other applications can be added easily with the integrated tools, allowing you to run any custom application with SELinux enabled for that application. The presentation explains what SELinux is, how it works, and some practical
use cases. It will briefly show how to implement the predefined policies and how to generate custom policies.


  • Explain traditional Linux permissions
  • Explain SELinux Manditory Access Control system
  • Explain the mechanisms SELinux uses
  • Short examples on the common problems encountered when using SELinux
  • How to understand SELinux problems
  • How to solve the most common SELinux problems using booleans
  • How to generate SELinux custom policies


Basic Linux knowledge

Speaker bio

Toshaan Bharvani is a IT consultant, currently self-employed at VanTosh,
with a interest in Open Source Software and IT Hardware. He started his
IT interest at the age of 5, when his father gave him his first own PC
components. Ever since he has been interested in IT hardware and IT
software. In business, he tends to combine higher level applications
with lower level systems. Toshaan has been involved for some time now in
some open source projects and communities.



  • Zainab Bawa (@zainabbawa) 2 years ago

    Is this a proposal for a tutorial, or will you explain SELinux scenarios?

  • Zainab Bawa (@zainabbawa) 2 years ago

    Toshan, please share link to draft slides and preview video explaining what this talk is about, and why should the audience attend it.

  • Toshaan Bharvani (@toshywoshy) Proposer 2 years ago


    1) I have given a tutorial on SELinux, but I was thinking of only given a presentation, as I do not know if there is an interest for a full tutorial.
    The presentation goes over the basic Linux security from discrete to MAC and further in details on common SELinux problems, how to use the builtin tools, or even create simple policies.

    2) The slides are based upon my previous presentations, I will be updating again.

Login with Twitter or Google to leave a comment