The main purpose of this chapter is to introduce you to SELinux terms and concepts helpful in the installation and initial configuration of SELinux, which is covered in Chapter 3. This chapter presents an overview of the security model implemented by SELinux, which is based on the Flask architecture designed by the NSA. (SELinux is ultimately grounded in principles that have guided the design and administration of highly secure military systems for decades, such as those described in the so-called "Orange Book." [1]) Because of this chapter's practical aim, its emphasis is on basic Flask and SELinux concepts and terms. Chapter 5 explains the SELinux security model in greater detail. In addition to providing an overview of SELinux functions, Chapter 5 provides an overview of SELinux architecture, describing each major SELinux component.
[1] DoD Trusted Computer System Evaluation Criteria (DoD 5200.28-STD), available from the U.S. National Institute of Standards, http://csrc.nist.gov/secpubs/rainbow/nsaorder.txt.