2.5. Requirements

Due to the way SELinux must be embedded and directly affect the internal workings of any system it is installed on, it has many software requirements that must function together as a unified whole.

2.5.1. Kernel

SELinux requires a kernel component known as LSM, Linux Security Modules. This component is available as a patch to the 2.4 series of the Linux kernel, but is included in the main kernel tree of the 2.6 series.

2.5.2. Shared Library

The SELinux API is contained in a shared library which must be present on the system.

2.5.3. Filesystems and Extended Attributes

SELinux uses extended attributes to store security labels on each file. These extended attributes require the use of the ext2 or ext3 filesystems. The XFS filesystem is also known to work, but notably reiserfs is not compatible with these extended attributes.

2.5.4. User Utilities

Many common utilities need to be updated to either provide security context information or to take the filesystem extended attributes into account. See Chapter 3 for details on the specific utilities that need to be SELinux aware. These are linked against the SELinux shared library also required to be present on the system.

2.5.5. SELinux Policy

A functional compiled policy is required, since the default behavior of SELinux is to deny access unless an action is specifically allowed by the security policy. See Chapter 4 for more details about SELinux policy.