- SELinux provides Mandatory Access Control (MAC)
- Developed by NSA
- Supported in RedHat, Fedora, CentOS
- It gives access control in addition to the standard Linux file permissions
- It limits the resources a program can access - even if running as root
- Protects against zero-day vulnerabilities
