SELinux provides Flexible MAC
-
Flexible comprehensive mandatory access controls integrated
into the Linux kernel
-
Building on 10 years of NSA’s OS Security
research
-
Application of NSA’s Flask security
architecture
- Cleanly separates policy from enforcement using well-defined
policy interfaces
- Allows users to express policies naturally and supports
changes
- Fine-grained controls over kernel services
- Transparent to applications and users
-
Role-Based Access Control, Type Enforcement, optional
Multi-Level Security, easily extensible to other models
-
Highly configurable