This section will serve as an overview of Security Enhanced Linux (SELinux). In the Working with file permissions section, we discussed how standard Linux provides protection for the system. This method is called Discretionary Access Control ( DAC ), and has some limitations. For example, a typical user could open his files up, either accidentally or on purpose, for any other user to read or write. This could allow unauthorized access to sensitive information. To provide more security, SELinux uses MAC ( Mandatory Access Control ). MAC uses a security policy that covers all processes and files in the system. All files in SELinux have labels that contain security-relevant information. ls -la ifcfg-eth0 -rw-r--r--. 1 root root 73 Apr 22 2011 ifcfg-eth0 Same file, but with the Z (security context) option to ls: ls -Z ifcfg-eth0 -rw-r--r--. root root unconfined_u:object_r:default_t:s0ifcfg-eth0 unconfined_u is the user , object_r is the role , default_t is the ...