SELinux is a strong and ﬂexible Mandatory Access Control (MAC) framework for Linux. It is based on many years research on secure operating systems by the NSA, and integrated into the Linux kernel via the Linux Security Modules API. SELinux makes it virtually impossible for unauthorized users or programs to take control over processes, files or hardware, thereby preventing unauthorized access to important information. All security relevant accesses between subjects and objects are strictly controlled according to a dynamically loaded mandatory security policy. Clean separation of enforcing mechanism and security policy provides considerable ﬂexibility in the implementation of security goals for the system, while fine granularity of control ensures complete mediation.
Any number of different security models may be combined by SELinux, with their complete effect being fully analysable. The default SELinux implementation is currently composed of the following security models:
These complement the standard Linux Discretionary Access Control (DAC) scheme.
We provide SELinux solutions for any organization's computer infrastructure to prevent exploitation by all forms of malicious code, to ensure system integrity and that data is processed as required.
Our offers include: