SELinux - MAC
SELinux, with its Mandatory Access Control, provides several advantages over traditional operating systems based on Discretionary Access Control. With the principle of least privilege and through a security policy, SELinux prevents compromising an entire system due to the compromise of a single application running with what would otherwise be elevated privileges. Programs are placed into strongly isolated individual sandboxes, separating them from one another and from the underlying operating system. Furthermore, SELinux protects the integrity and confidentiality of data. By removing discretion from users, sensitive data can be protected from voluntary or accidental deletion, modification, and sharing.