"There is a lot of (mostly uninformed) buzz around SELinux
(Security Enhanced Linux); it is touted as doing all kinds of
wonderful things that it probably doesn't do. It's not a good idea
to leap into implementing a complex security application like
SELinux without understanding what it's for and how it works, so
we're going to start with the basics. Then we'll look at how to use
it, and actually understand what we're doing.
"SELinux began as a research project by the NSA (National
Security Administration). The old model of reacting only to known
threats has a glaring, obvious weakness: You're going to get beat
up a lot. The idea behind SELinux is to protect a system from the
unknown, and to close the door on zero-day exploits..."