What is SELinux and why is it important?
Developed by the NSA, it’s a series of Mandatory Access Controls (MAC) that employ a concept of least privilege for processes and tasks within the Linux architecture. The benefit of such policy controls is administrators can relegate the resources and actions of a task, to only those which it has been expressly allowed to do. As such, the passive, default status of any given process will be restricted unless defined otherwise, even if it’s under root user. This is important, because it compartmentalizes normally co-existing, overlapping processes that if breached, could spread to other nodes. Effective SELinux policies can help to negate such threats almost completely. Note: Traditionally, such policies have been difficult and time consuming to implement, making the adoption of SELinux relatively slow when contrasted with its monumental security advantages. Guardian Digital is one of the few companies that has utilized the power of SELinux, and coupled it with easily configurable polic
