SELinux and MACs resolve this issue by both confining privileged processes and automating security policy creation. But if security has been compromised, so too has the system. Root access on a DAC system gives the person or program access to all programs and files on a system.Ī person with root access should be a trusted party. Traditionally, the command sudo gives a user the ability to heighten permissions to root-level. The difference between DAC and MAC is how users and applications gain access to machines. SELinux was developed as a replacement for Discretionary Access Control (DAC) that ships with most Linux distributions. SELinux is a Mandatory Access Control (MAC) system, developed by the NSA.
