Linux · SELinux & AppArmor
A daemon already runs under its own restricted account with the right rwx permissions, yet you also want the kernel to stop it touching directories it has no business in even if it is hijacked. What extra layer provides this?
Sign in to see the full answer — free to start on the web.
This is one card from the KnowCard library. The full way to learn it — spaced-repetition review, progress tracking, and AI explanations — lives in the KnowCard app, free to start on the web. iOS & Android are coming soon.
Get started — it’s free