Im want to configure server based of course on Centos 7. Im still wondering how SElinux can protect against some exploits/bufferoverflow etc.
I made a test with PaXTest with user mapped and unmapped to user_u.
getsebool:
Code: Select all
selinuxuser_execheap --> on
selinuxuser_execmod --> on
selinuxuser_execstack --> on
Code: Select all
selinuxuser_execheap --> off
selinuxuser_execmod --> off
selinuxuser_execstack --> off
As u can see there are many diffrences and what do you think about it mean exploits etc...