1.6. Virtualization security features

SELinux

SELinux was developed by the US National Security Agency and others to provide Mandatory Access Control (MAC) for Linux. All processes and files are given a type and access is limited by fine-grained controls. SELinux limits an attackers abilities and works to prevent many common security exploits such as buffer overflow attacks and privilege escalation.

SELinux strengthens the security model of Red Hat Enterprise Linux hosts and virtualized Red Hat Enterprise Linux guests. SELinux is configured and tested to work, by default, with all virtualization tools shipped with Red Hat Enterprise Linux 6.

For more information on SELinux and virtualization, refer to Section 16.2, “SELinux and virtualization”.

sVirt

sVirt is a technology included in Red Hat Enterprise Linux 6 that integrates SELinux and virtualization. sVirt applies Mandatory Access Control (MAC) to improve security when using virtualized guests. sVirt improves security and hardens the system against bugs in the hypervisor that might be used as an attack vector for the host or to another virtualized guest.

For more information on sVirt, refer to Chapter 17, sVirt.