SELinux
SELinux (Security-Enhanced Linux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC). It enhances system security by enforcing fine-grained permissions beyond traditional Unix discretionary access controls (DAC), such as file permissions and user/group ownership. SELinux operates by labeling system resources (e.g., files, processes) and defining rules that specify allowed interactions between these labeled entities.
Developers should learn and use SELinux when building or deploying applications on Linux systems that require enhanced security, such as in government, financial, or high-compliance environments. It is particularly useful for isolating services, preventing privilege escalation attacks, and enforcing least-privilege principles in multi-user or containerized setups. For example, it can restrict a web server process to accessing only specific files, even if the process is compromised.
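The label-and-rule model is easiest to see in the kernel's AVC denial records, which name the source context, target context, object class and permissions of each refused access. The following is an added example, not part of the original page: it parses constructed audit lines and groups denials by type pair. The sample records, the function names and the handling of a missing permissive= field are assumptions.

```python
import re
from collections import defaultdict

# Constructed audit records for illustration; not captured from a real host.
SAMPLE_LOG = """\
type=AVC msg=audit(1700000000.101:410): avc:  denied  { read open } for  pid=2101 comm="httpd" path="/etc/shadow" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.202:411): avc:  denied  { getattr } for  pid=2101 comm="httpd" path="/etc/shadow" dev="dm-0" ino=131 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000001.303:412): avc:  denied  { name_connect } for  pid=2101 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1700000001.303:412): arch=c000003e syscall=42 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1700000002.404:413): avc:  denied  { write } for  pid=3050 comm="sync.sh" name="html" dev="dm-0" ino=777 scontext=system_u:system_r:container_t:s0:c12,c34 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=1
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"\bscontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)"
    r"\s+tclass=(?P<tclass>\S+)(?:\s+permissive=(?P<permissive>[01]))?"
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    # The MLS/MCS level may itself contain colons (s0:c12,c34), so split at most 3 times.
    return context.split(":", 3)[2]

def summarize_denials(log_text):
    """Group AVC denials by (source type, target type, object class)."""
    summary = defaultdict(lambda: {"perms": set(), "blocked": False})
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # only AVC records describe the denied access
        m = AVC_RE.search(line)
        if m is None:
            continue  # e.g. "granted" records or lines in an unexpected shape
        key = (selinux_type(m["scontext"]), selinux_type(m["tcontext"]), m["tclass"])
        summary[key]["perms"].update(m["perms"].split())
        # permissive=1 means the access was logged but allowed. Records without
        # the field are counted as blocked (assumption of this example).
        if m["permissive"] != "1":
            summary[key]["blocked"] = True
    return dict(summary)

if __name__ == "__main__":
    for (src, tgt, cls), info in sorted(summarize_denials(SAMPLE_LOG).items()):
        state = "blocked" if info["blocked"] else "logged only (permissive)"
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(sorted(info['perms']))} }} {state}")
```

In the sample, the web server domain httpd_t is refused access to a shadow_t file regardless of the file's Unix permissions, which is the confinement described above.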