SELinux (Security-Enhanced Linux) is an implementation of a flexible mandatory access control (MAC) architecture on Linux, combining type enforcement, role-based access control and optional multilevel security, built from kernel modifications and user-space tools. It is primarily used to confine system processes and users beyond the basic discretionary access control (DAC) mechanism (permission bits and access-control lists) found on *nix systems.
SELinux (Security-Enhanced Linux) is an optional component of the Linux kernel (a Linux Security Module) that provides mandatory access control based on the FLASK architecture. It originated as an NSA project but has been part of the mainline Linux kernel since version 2.6.0.
Questions about SELinux often straddle the border between security and functionality. If your point of view is that of a system administrator (setting up SELinux, getting a program to work with SELinux, …), ask here. If your point of view is that of a security professional (choosing a security policy, encoding a security policy in SELinux, …), ask on our sister site IT Security.
SELinux provides mandatory access control in the form of type enforcement, role-based access control and optional multilevel security (MLS), which can express integrity as well as confidentiality constraints. It is primarily used to confine system processes (daemons), because writing a policy for interactive user programs that is both usable and usefully restrictive is difficult.
SELinux assigns each process and each file a security context consisting of an SELinux user (not the same as a Linux user), a role, a type and, where MLS/MCS is enabled, a sensitivity level; the type of a running process is called its domain. Utilities such as ls, ps and id display SELinux contexts when the -Z flag is given.
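The following script is an added example, not part of the original tag wiki: it splits contexts of the user:role:type[:level] form into their fields and scans lines shaped like ps -Z and ls -Z output. The sample process and file lines are constructed for the illustration, not captured from a real system; the function names (ctx_field, procs_in_domain, files_not_typed) are the example's own.

```sh
#!/bin/sh
# Added example (not part of the original tag wiki): split SELinux contexts
# into their fields and scan constructed `ps -Z` / `ls -Z` style output.
# All sample lines below are constructed for illustration, not captured output.

# ctx_field CONTEXT FIELD -> prints one field of a user:role:type[:level] context.
# FIELD is one of user, role, type, level. For a process, the type is its domain.
ctx_field() {
    ctx=$1
    case $2 in
        user)  printf '%s\n' "$ctx" | cut -d: -f1 ;;
        role)  printf '%s\n' "$ctx" | cut -d: -f2 ;;
        type)  printf '%s\n' "$ctx" | cut -d: -f3 ;;
        # An MLS/MCS level may itself contain ':' (e.g. s0-s0:c0.c1023), so keep the rest.
        level) printf '%s\n' "$ctx" | cut -d: -f4- ;;
        *)     return 1 ;;
    esac
}

# Constructed sample in the shape of `ps -eZ` output: context, pid, tty, time, command.
PS_SAMPLE='system_u:system_r:httpd_t:s0 1234 ? 00:00:01 httpd
system_u:system_r:sshd_t:s0-s0:c0.c1023 987 ? 00:00:00 sshd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2001 pts/0 00:00:00 bash'

# procs_in_domain DOMAIN -> PIDs of sample processes whose type equals DOMAIN.
procs_in_domain() {
    printf '%s\n' "$PS_SAMPLE" | while read -r ctx pid rest; do
        if [ "$(ctx_field "$ctx" type)" = "$1" ]; then
            printf '%s\n' "$pid"
        fi
    done
}

# Constructed sample in the shape of `ls -Z` output: context, path.
LS_SAMPLE='system_u:object_r:httpd_sys_content_t:s0 /var/www/html/index.html
unconfined_u:object_r:default_t:s0 /srv/www/index.html
unconfined_u:object_r:user_home_t:s0 /srv/www/logo.png'

# files_not_typed EXPECTED_TYPE -> paths whose file type differs from EXPECTED_TYPE.
# Files copied into a non-default location typically show up here: a daemon in
# httpd_t is not allowed to read default_t or user_home_t, so the usual fix is to
# record the right type for the path and relabel, e.g.
#   semanage fcontext -a -t httpd_sys_content_t "/srv/www(/.*)?"
#   restorecon -Rv /srv/www
# (not run here; those commands need root on an SELinux host).
files_not_typed() {
    printf '%s\n' "$LS_SAMPLE" | while read -r ctx path; do
        if [ "$(ctx_field "$ctx" type)" != "$1" ]; then
            printf '%s\n' "$path"
        fi
    done
}

# Demonstration on the constructed samples.
echo "processes in httpd_t: $(procs_in_domain httpd_t | tr '\n' ' ')"
echo "files under the sample not labeled httpd_sys_content_t:"
files_not_typed httpd_sys_content_t
```

On a real host, replace the PS_SAMPLE and LS_SAMPLE literals with the output of ps -eZ and ls -Z; the field layout is the same, and the level field is what distinguishes a targeted-policy context (s0) from an MCS-constrained one (s0-s0:c0.c1023).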
SELinux has been officially supported in Red Hat Enterprise Linux since version 4 and in Fedora since Fedora Core 2. Other major distributions allow the use of SELinux but may not ship standard policies.
Generic SELinux questions
How do I configure SELinux to allow daemons to use files in non-default locations?
Is it possible to prevent a change in SELinux status without a reboot?