Security-Enhanced Linux (SELinux) is a security enhancement to Linux that provides a mechanism for enforcing the security of the system. Under SELinux, programs are run inside a sandbox and follow the principle of least privilege, in which programs are limited to set of necessary operations.
SELinux is an implementation of mandatory access controls (MAC) on Linux. Mandatory access controls allow an administrator of a system to define how applications and users can access different resources such as files, devices, networks and inter-process communication.
With SELinux an administrator can differentiate a user from the applications a user runs.
Key Features
- Uses multiple security models.
- Clean separation of policy from enforcement.
- Type enforcement to enforce mandatory access control.
- Well-defined policy interfaces.
- Support for applications querying the policy and enforcing access control (for example, crond running jobs in the correct context).
- Support for on-the-fly sandboxing of applications, including X applications.
- Independent of specific policies and policy languages.
- Independent of specific security label formats and contents.
- Individual labels and controls for kernel objects and services.
- Caching of access decisions for efficiency.
- Support for policy changes.
- Support for MLS/MCS translations.
- Separate measures for protecting system integrity (domain-type) and data confidentiality (multilevel security).
- Very flexible policy.
- Label substitution.
- Virtual machine labeling.
- Per-service seuser support.
- Persistent dontaudit flag.
- Controls over process initialization and inheritance and program execution.
- Controls over file systems, directories, files, and open file descriptors.
- Controls over sockets, messages, and network interfaces.
- Controls over use of “capabilities”.
Website: github.com/SELinuxProject/selinux
Support:
Developer: Initial developer:United States National Security Agency; many other contributors
License: GNU General Public License
SELinux is written in C. Learn C with our recommended free books and free tutorials.
Related Software
| MAC/RBAC Tools | |
|---|---|
| SELinux | Security enhancement to Linux |
| AppArmor | Linux Security Module implementation of name-based access controls |
| RSBAC | Patch adding several mandatory access models to the Linux kernel |
| grsecurity | Innovative set of patches for the Linux kernel |
| TOMOYO Linux | Lightweight and easy-use Mandatory Access Control |
Read our verdict in the software roundup.
 Explore our comprehensive directory of recommended free and open source software. Our carefully curated collection spans every major software category.This directory is part of our ongoing series of informative articles for Linux enthusiasts. It features hundreds of detailed reviews, along with open source alternatives to proprietary solutions from major corporations such as Google, Microsoft, Apple, Adobe, IBM, Cisco, Oracle, and Autodesk. You’ll also find interesting projects to try, hardware coverage, free programming books and tutorials, and much more. Know a useful open source Linux program that we haven’t covered yet? Let us know by completing this form. |