SELinux (Security-Enhanced Linux) is an implementation of a flexible mandatory, role-based access control architecture on Linux. It is primarily used to confine system processes.
SELinux (Security-Enhanced Linux) is an optional component of Linux that provides mandatory access control based on the FLASK architecture. It originated as an NSA project, but has been part of the mainline Linux kernel since version 2.6.0.
Questions about SELinux often straddle the border between security and functionality. If your point of view is that of a security professional (choosing a security policy, encoding a security policy in SELinux, …), ask here. If your point of view is that of a system administrator (setting up SELinux, getting a program to work with SELinux, …), ask on our sister site Unix & Linux.
SELinux provides mandatory access control, integrity controls, role-based access control with multilevel security. SELinux is primarily used to confine system processes (daemons), as writing a usable yet usefully restrictive policy for programs used by users is difficult.
SELinux assigns to each process and to each file a context consisting of a role, user (not related to Linux users) and a domain. Utilities such as ls and ps display SELinux contexts if the -Z flag is specified.
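As an added example (not part of the original tag wiki), the following script parses the user:role:type[:level] contexts that ps -Z prints and flags processes whose domain is one the policy leaves unconfined; the ps output it reads is constructed, and the domain names are assumed to follow the Fedora/RHEL reference policy.

```python
# Added example (not from the tag wiki): parse SELinux contexts as printed by
# `ps -Z` and flag processes that are not confined by a dedicated domain.
# The ps output below is constructed; domain names follow the reference policy.
from typing import NamedTuple

class Context(NamedTuple):
    """One SELinux context, user:role:type[:level]; a process's type is its domain."""
    user: str
    role: str
    type: str
    level: str  # empty on systems without an MLS/MCS level

def parse_context(ctx: str) -> Context:
    # user, role and type never contain ':', but an MCS level such as
    # s0-s0:c0.c1023 does, so split into at most four fields.
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {ctx!r}")
    user, role, type_ = parts[:3]
    level = parts[3] if len(parts) == 4 else ""
    return Context(user, role, type_, level)

# Constructed `ps -eZ` output (columns: LABEL PID TTY TIME CMD).
PS_Z_OUTPUT = """\
LABEL                               PID TTY          TIME CMD
system_u:system_r:init_t:s0           1 ?        00:00:02 systemd
system_u:system_r:httpd_t:s0        812 ?        00:00:00 httpd
system_u:system_r:sshd_t:s0-s0:c0.c1023 901 ?   00:00:00 sshd
system_u:system_r:unconfined_service_t:s0 955 ? 00:00:00 legacyd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 1203 pts/0 00:00:00 bash
"""

# Domains the policy leaves unrestricted: unconfined_t (interactive users),
# unconfined_service_t and initrc_t (daemons with no domain of their own).
UNCONFINED_DOMAINS = {"unconfined_t", "unconfined_service_t", "initrc_t"}

def unconfined_processes(ps_output: str) -> list[tuple[int, str, str]]:
    """Return (pid, command, domain) for every process in an unconfined domain."""
    findings = []
    for line in ps_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        ctx = parse_context(fields[0])
        if ctx.type in UNCONFINED_DOMAINS:
            findings.append((int(fields[1]), fields[-1], ctx.type))
    return findings

if __name__ == "__main__":
    for pid, cmd, domain in unconfined_processes(PS_Z_OUTPUT):
        print(f"PID {pid} ({cmd}) runs as {domain}: not confined by policy")
```

On a real system, feed it the output of ps -eZ; the same parser handles the labels ls -Z prints, where the type field is a file type rather than a domain.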
SELinux has been officially supported in RHEL since version 4.0 and Fedora since version 2. Other major distributions allow the use of SELinux but may not provide standard policies.
Other projects with a similar goal include: