NSA Security-Enhanced Linux

NSA Security-Enhanced Linux web page

NSA Security-Enhanced Linux (also known as "SELinux" or "NSA Linux") is a prototype of the Linux kernel, together with a number of utilities, with enhanced security functionality that implements "mandatory access controls". The Security-Enhanced Linux kernel enforces mandatory access control policies that confine user programs and system servers to the minimum amount of privilege they require to do their jobs. When programs and daemons are confined in this way, their ability to cause harm when compromised (via buffer overflows or misconfigurations, for example) is reduced or eliminated. This confinement mechanism operates independently of the traditional Linux access control mechanisms.

The security mechanisms implemented in the system provide flexible support for a wide range of security policies. They make it possible to configure the system to meet a wide range of security requirements.

Because the core of the operating system software has been extensively revised in Security-Enhanced Linux, thorough and precise security controls can be enforced. However, accidental access control misconfigurations can sometimes be rather challenging to diagnose and resolve.

SecurityAppraisers® can provide assistance and expertise with application deployment on NSA Linux platforms.


© 2002-2007 SecurityAppraisers. All rights reserved.
"Linux" is a registered trademark of Linus Torvalds
This site follows the guidelines of the W3C's Website Accessibility Initiative (WAI)