AO SELinux

project: current stablemanagement: productionpackaging: active
java: >= 6semantic versioning: 2.0.0license: LGPL v3

Java API for managing Security-Enhanced Linux (SELinux).

Features

  • Clean programmatic access to semanage.
  • Implementation of semanage port commands:
    • Easily reconfigure all ports for a given SELinux type.
    • Automatically coalesces adjacent port ranges.
    • Presents a single cohesive view of all ports, hiding the nuance and complexity of the interactions between default policy and local policy.
    • Supports seamlessly overriding default policy.
    • Detects conflicts in local policy between different SELinux types.
  • Small footprint, minimal dependencies - not part of a big monolithic package.

Motivation

While migrating our servers to CentOS 7 we are running with SELinux in enforcing mode. Our server configuration process, AOServ Daemon, is written in the Java programming language. We desire a clean interface to SELinux without having to operate with semanage and other commands directly.

Evaluated Alternatives

We were unable to find any existing implementations via GitHub, The Central Repository, or Google Search.