ConfDroid Puppet Modules - Selinux
How-To, Security


via Dev.to

Introducing confdroid_selinux: Declarative SELinux Management for Your Rocky 9 Servers

Security-Enhanced Linux (SELinux) is one of the most powerful built-in defenses on modern Linux systems. Unlike traditional permission-based security (user/group/other), SELinux adds mandatory access control (MAC) at the kernel level. It labels every process, file, directory, and network port with a security context and enforces strict policies that say exactly what each subject is allowed to do with each object — no matter what the file permissions say.

This means even if an attacker gains root or tricks a service into writing a malicious file, SELinux can still block the attack because the file simply doesn’t have the right context.

Many enterprise Linux distributions enable SELinux by default in enforcing mode on fresh installs:

- Rocky Linux 9
- AlmaLinux 9
- Red Hat Enterprise Linux (RHEL) 9
- Fedora

On these systems, SELinux is not an afterthought — it’s a core part of the security model.

How SELinux S
