Security-Enhanced Linux

related topics
{system, computer, user}
{law, state, case}
{math, number, function}
{theory, work, human}
{work, book, publish}
{company, market, business}
{group, member, jewish}
{style, bgcolor, rowspan}

Security-Enhanced Linux (SELinux) is a Linux feature that provides a mechanism for supporting access control security policies, including United States Department of Defense style mandatory access controls, through the use of Linux Security Modules (LSM) in the Linux kernel. It is not a Linux distribution, but rather a set of modifications that can be applied to Unix-like operating system kernels, such as Linux and that of BSD. Its architecture strives to streamline the volume of software charged with security policy enforcement, which is closely aligned with the Trusted Computer System Evaluation Criteria (TCSEC, referred to as Orange Book) requirement for trusted computing base (TCB) minimization (applicable to evaluation classes B3 and A1) but is quite unrelated to the least privilege requirement (B2, B3, A1) as is often claimed.[citation needed] The germinal concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency.



Primarily developed by the United States National Security Agency, it was released to the open source development community under the GNU GPL on December 22, 2000 and merged into the mainline kernel 2.6.0-test3, released on 8 August 2003. Other significant contributors include Network Associates, Secure Computing Corporation, Trusted Computer Solutions, and Tresys. Experimental ports of the FLASK/TE implementation have been made available via the TrustedBSD Project for the FreeBSD and Darwin operating systems.

Full article ▸

related documents
IP address spoofing
Context switch
Kendall Square Research
Intel 4004
Windows 98
Local area network
Lossy compression
Maximum transmission unit
Émile Baudot
User interface
Adobe Photoshop
MX record
Linear timecode
Xerox Network Services
Digital Private Network Signalling System
Apple III
VESA BIOS Extensions
Harvard architecture