“SELinux uses mandatory access controls to enforce the
separation of information based on confidentiality and integrity
requirements to provide system security. SEL uses a flexible
mandatory access control architecture based on Type Enforcement, a
mechanism first developed for the LOCK system. The architecture was
transferred to the University of Utah’s Fluke research operating
system. At this point, the architecture was changed to provide
better support for dynamic security policies, and the architecture
was renamed Flask. This is what is used in SEL.”
“In the Flask architecture, the security policy logic is
encapsulated within a separate component of the operating system
with a general interface for obtaining security policy decisions.
This separate component is referred to as the security server,
which is a kernel subsystem in SEL. Other subsystems are called
object managers. Flask specifies the interfaces provided by the
security servers to object managers. This way, the object managers
can remain independent of the specific security policy that is
used. SEL’s security server has a security policy that combines
Type Enforcement, role-based access controls (RBAC) and multi-level
security. One can specify which combination of the above methods is
desired with a policy language configuration file. This is compiled
into a binary representation that is read by the security server at
boot time.”
“This is an entirely different way to handle access
permissions, compared to the user/privilege model most UNIX systems
currently use. SEL could implement that model along with a
granularity that could modify user privileges based on the
specifics of what is being executed and what files are being used.
Pretty powerful stuff.”
Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.
LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.