26.2.4.1 Targeted Policy

Applies access controls to a limited number of processes that are believed to be most likely to be the targets of an attack on the system. Targeted processes run in their own SELinux domain, known as a confined domain, which restricts access to files that an attacker could exploit. If SELinux detects that a targeted process is trying to access resources outside the confined domain, it denies access to those resources and logs the denial. Only specific services run in confined domains. Examples are services that listen on a network for client requests, such as httpd, named, and sshd, and processes that run as root to perform tasks on behalf of users, such as passwd. Other processes, including most user processes, run in an unconfined domain where only DAC rules apply. If an attack compromises an unconfined process, SELinux does not prevent access to system resources and data.

The following table lists examples of SELinux domains.

Domain

Description

init_t

systemd

httpd_t

HTTP daemon threads

kernel_t

Kernel threads

syslogd_t

journald and rsyslogd logging daemons

unconfined_t

Processes executed by Oracle Linux users run in the unconfined domain