Which SELinux policy is the most common?

The targeted policy is the most common SELinux policy used in many Linux distributions. This policy allows certain services and applications to run with enhanced security controls while keeping the overall system operation more permissive than a strict policy. It essentially focuses on protecting specific daemons and processes that are considered to be at a higher risk of being exploited, while leaving the rest of the system in a more lenient state.

This approach strikes a balance between security and usability, making it an attractive choice for many system administrators. The targeted policy operates by defining security contexts for specific processes and limiting their access to system resources only to what is necessary for those processes to function. This containment helps to mitigate potential security risks without overly restricting user operations or requiring extensive policy management.

In contrast, other policies like strict enforce a comprehensive security model across the entire system, which can be more complex to manage and may lead to a higher number of denied operations if not finely tuned. Options like minimal and base do not exist as recognized SELinux policies in the same way the targeted and strict policies do, making them less relevant in this context.