CME-303

SELinux Booleans (Restrictive)

Description

Fine-grained SELinux policy toggles that disable risky inter-domain interactions. Examples: httpd_can_network_connect=off prevents web servers from making outbound connections; container_manage_cgroup=off restricts container cgroup access.

CVSS Vector Impacts

Metric | Transition | Rationale
Scope (S) | C → U | Disables specific cross-domain access paths

CWE Relationships

Verification

Check that key SELinux booleans are set to restrictive values:

$ getsebool httpd_can_network_connect
# Expected: httpd_can_network_connect --> off
Platform: rhel
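
An added example, not part of the CME entry: a POSIX shell audit that compares `getsebool` output against a baseline of the two booleans named in the description. The `BASELINE` list, the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `getsebool` output against a restrictive baseline.
# Assumption: the baseline holds only the two booleans named on this page.
BASELINE="httpd_can_network_connect=off
container_manage_cgroup=off"

# audit_booleans: reads `getsebool` lines ("name --> on|off") on stdin,
# prints one finding per baseline entry, returns 1 if any entry is not met.
audit_booleans() {
    observed=$(cat)
    rc=0
    for entry in $BASELINE; do
        name=${entry%%=*}
        want=${entry#*=}
        # Exact match on column 1, so httpd_can_network_connect_db
        # is never mistaken for httpd_can_network_connect.
        have=$(printf '%s\n' "$observed" |
            awk -v n="$name" '$1 == n && $2 == "-->" { print $3; exit }')
        if [ -z "$have" ]; then
            echo "MISSING $name (expected $want)"; rc=1
        elif [ "$have" != "$want" ]; then
            echo "FAIL $name is $have (expected $want)"; rc=1
        else
            echo "PASS $name is $have"
        fi
    done
    return $rc
}

# Constructed sample input, not captured from a real host.
sample_output() {
cat <<'EOF'
httpd_can_network_connect --> off
httpd_can_network_connect_db --> on
container_manage_cgroup --> on
EOF
}

# On a live host: getsebool -a | audit_booleans
# The constructed sample is used here so the script runs offline.
sample_output | audit_booleans || echo "baseline not met"
```

`getsebool` reports the running value, so a boolean changed without `setsebool -P` can pass this check and revert at the next reboot.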