Security-Enhanced Linux (SELinux) is a security project developed by the United States National Security Agency (NSA). It is a Linux Security Module (LSM) integrated in the Linux kernel, starting from 2.6.0 kernel release. It implements a mandatory access control (MAC) system to protect the environment. It specifies the policies of how users interact with the system. When a subject such as a process wants to request an action from a file, the SELinux security server check with the access vector cache (AVC) to grant access, thanks to a security policies database. It is an extra security layer on top of the normal Linux systems. The following is an illustration of a SELinux process workflow:
You can check the global ...