VanTosh

SELinux

SELinux, Security-Enhanced Linux, is a feature that provides Mandatory Access Control (MAC) in Linux. This mechanism provides access control through security policies enforced by the Linux Security Modules (LSM) framework, which runs in the Linux kernel. SELinux is not a Linux distribution, but rather a set of kernel modifications and user-space tools that can be added to various Linux distributions. It creates a compartment for each process, socket, file and user, allowing separation and isolation between compartments.

Here are some of the features of SELinux:

  • Labels as the main way to allocate security rules
  • Separation of policy from enforcement
  • Mandatory querying of application policy enforcing access control
  • Support for policy changes and custom policy
  • Separate measures for protecting system integrity (domain-type) and data confidentiality (multilevel security)
  • Control over process initialization and inheritance and program execution
  • Control over file systems, directories, files, and open file descriptors
  • Control over sockets, messages, and network interfaces
  • Cached information on access-decisions using Access Vector Cache (AVC)

It has been integrated into the mainline Linux kernel and into most commonly used Enterprise Linux distributions.
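
The labels and the Access Vector Cache (AVC) from the feature list above are easiest to see in the AVC denial records that auditd writes to /var/log/audit/audit.log: each record names the source context (the process domain), the target context (the object label), the object class and the permissions that were refused. The following Python script is an added example, not code from the page or from the SELinux project; it parses such records, splits every context into its user:role:type:level fields and counts denials per (source type, target type, class, permission), separating enforced denials from ones logged in permissive mode. The audit lines in SAMPLE_AUDIT_LOG are constructed samples, not captured data; the field names (scontext, tcontext, tclass, permissive) are the ones auditd actually emits.

```python
"""Summarise SELinux AVC denials from audit log records.

Added example (not from the page): parses the ``type=AVC`` lines that auditd
writes to /var/log/audit/audit.log, splits each security context into its
user:role:type:level fields and counts denials per (source type, target type,
class, permission).  The log lines below are constructed samples.
"""
import re
from collections import Counter

# Constructed sample audit records (not captured from a real host).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1700000000.123:456): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev="dm-0" ino=98765 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.124:457): avc:  denied  { open } for  pid=1234 comm="httpd" path="/home/alice/index.html" dev="dm-0" ino=98765 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.200:458): avc:  denied  { name_connect } for  pid=2222 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=1
type=SYSCALL msg=audit(1700000000.200:458): arch=c000003e syscall=42 success=no exit=-13 comm="httpd"
"""

# One AVC record: decision, permission set, source/target contexts, class and
# (optionally) whether the domain was in permissive mode.
AVC_RE = re.compile(
    r"avc:\s+(?P<decision>denied|granted)\s+\{\s*(?P<perms>[^}]*?)\s*\}"
    r".*?\bscontext=(?P<scontext>\S+)"
    r".*?\btcontext=(?P<tcontext>\S+)"
    r".*?\btclass=(?P<tclass>\S+)"
    r"(?:.*?\bpermissive=(?P<permissive>[01]))?"
)


def parse_context(ctx):
    """Split 'user:role:type[:level]' into fields.

    The MLS/MCS level may itself contain ':' (e.g. s0-s0:c0.c1023), so only
    the first three separators are significant.  A context without a level
    (non-MLS policy) yields an empty level.
    """
    parts = ctx.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"malformed security context: {ctx!r}")
    user, role, type_ = parts[:3]
    level = parts[3] if len(parts) == 4 else ""
    return {"user": user, "role": role, "type": type_, "level": level}


def parse_avc_records(text):
    """Return a list of parsed AVC records; non-AVC record types are skipped."""
    records = []
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL, PATH, CWD and other record types
        records.append({
            "decision": m.group("decision"),
            "perms": m.group("perms").split(),
            "source": parse_context(m.group("scontext")),
            "target": parse_context(m.group("tcontext")),
            "tclass": m.group("tclass"),
            # permissive=1 means the access was logged but not blocked;
            # a record without the field is treated as enforced.
            "enforced": m.group("permissive") != "1",
        })
    return records


def summarise_denials(records):
    """Count denials keyed by (source type, target type, class, permission, mode)."""
    counts = Counter()
    for r in records:
        if r["decision"] != "denied":
            continue
        mode = "enforced" if r["enforced"] else "permissive"
        for perm in r["perms"]:
            key = (r["source"]["type"], r["target"]["type"], r["tclass"], perm, mode)
            counts[key] += 1
    return counts


def format_report(counts):
    """Render the summary as one line per (domain -> type) permission pair."""
    lines = []
    for (src, tgt, tclass, perm, mode), n in sorted(counts.items()):
        lines.append(f"{n:4d}  {src} -> {tgt} ({tclass}:{perm}) [{mode}]")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(summarise_denials(parse_avc_records(SAMPLE_AUDIT_LOG))))
```

Run against a real audit log by replacing SAMPLE_AUDIT_LOG with the file contents; the report groups denials by the domain-type pair that the policy would have to allow, which is the unit policy authors reason about, and flags permissive-mode entries so they are not mistaken for blocked accesses.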