This chapter explains the what and why of SELinux. It begins by describing the threat environment and why the prevalent model of security ”patching against known vulnerabilities ”is inadequate. The chapter goes on to describe several security mechanisms designed to protect against both known and unknown vulnerabilities. The chapter then presents an overview of SELinux, describing its main features, capabilities, and history. The chapter concludes with a survey of resources helpful to SELinux users.
