SELinux Features:
- Restricts access by subjects (users and/or processes) to objects (files)
- Provides Mandatory Access Controls (MACs)
- MACs extend Discretionary Access Controls (DACs (Standard Linux Permissions))
- Stores MAC permissions in extended attributes of file systems
- SELinux provides a way to separate: users, processes (subjects), and objects, via labeling, and monitors/controls their interaction
- SELinux is integrated into the Linux kernel
- Implements sandboxes for subjects and objects
- Default RH...