Security Enhanced Linux (SELinux)
Introduction SELinux is an implementation of MAC (Mandatory Access Controls) over LSM (Linux Security Modules) in Linux Kernel. SELinux, originally developed by N.S.A. (National Security Agency) allows applications to be confined by the kernel. Inside that “confined area”, much more grained than a standard chroot (system where basic executables are copied to another folder in order to have a small subsystem isolated from real system. The drawback is that a small subsystem could have enough utilities to reveal private information from our internal network),in which we can allow only certain operations, for example: adding information to a file, read from a directory but not writing, even just for one file in a standard directory, etc… ...