[ Thanks to Jason
Greenwood for this link. ]
“First released to the public in January 2001, Security-Enhanced
Linux (SELinux) is a research project from the U.S. National
Security Agency (NSA) that seeks to enhance the open source Linux
kernel: to provide greater protection against corruption; to
prevent the bypassing of application security procedures; and to
mitigate the destruction caused by malicious or defective
applications.“Normal Linux system security relies on the kernel and the
dependencies created through the setuid/setgid binaries. Under the
conventional security mechanism, an exploit of a flaw with any
privileged application, configuration, or process running usually
leads to a total system compromise. This problem is consistent with
most modern operating systems due to their complexity and
interoperability with other applications…”