Editing Security-Enhanced Linux (section)

==Overview==
The NSA Security-enhanced Linux Team describes NSA SELinux as<ref>{{cite web |archive-url=https://web.archive.org/web/20201022103915/https://www.nsa.gov/what-we-do/research/selinux/|archive-date=2020-10-22|url=https://www.nsa.gov/what-we-do/research/selinux/ |title=Security-Enhanced Linux - NSA/CSS |publisher=National Security Agency |date=2009-01-15 |access-date=2021-04-21}}</ref>

<blockquote>a set of [[patch (computing)|patches]] to the [[Linux kernel]] and utilities to provide a strong, flexible, mandatory access control (MAC) architecture into the major subsystems of the kernel. It provides an enhanced mechanism to enforce the separation of information based on confidentiality and integrity requirements, which allows threats of tampering, and bypassing of application security mechanisms, to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications. It includes a set of sample security policy configuration files designed to meet common, general-purpose security goals.</blockquote>

A Linux kernel integrating SELinux enforces mandatory access control policies that confine user programs and system services, as well as access to files and network resources. Limiting privilege to the minimum required to work reduces or eliminates the ability of these programs and [[daemon (computing)|daemons]] to cause harm if faulty or compromised (for example via [[buffer overflow]]s or misconfigurations). This confinement mechanism operates independently of the traditional Linux ([[discretionary access control|discretionary]]) access control mechanisms. It has no concept of a "root" [[superuser]], and does not share the well-known shortcomings of the traditional Linux security mechanisms, such as a dependence on [[setuid]]/[[setgid]] binaries.

The security of an "unmodified" Linux system (a system without SELinux) depends on the correctness of the kernel, of all the privileged applications, and of each of their configurations. A fault in any one of these areas may allow the compromise of the entire system. In contrast, the security of a "modified" system (based on an SELinux kernel) depends primarily on the correctness of the kernel and its security-policy configuration. While problems with the correctness or configuration of applications may allow the limited compromise of individual user programs and system daemons, they do not necessarily pose a threat to the security of other user programs and system daemons or to the security of the system as a whole.

From a purist perspective, SELinux provides a hybrid of concepts and capabilities drawn from mandatory access controls, [[mandatory integrity control]]s, [[role-based access control]] (RBAC), and [[type enforcement architecture]]. Third-party tools enable one to build a variety of security policies.