Welcome to the SELinux community’s documentation website. This is the central source for SELinux upstream documentation. Pardon our dust, this page is still under construction.
SELinux is flexible Mandatory Access Control (MAC) for Linux. Today SELinux is an optional component of the mainline Linux kernel and has been integrated into a wide variety of Linux distributions and into Android. SELinux can be used to enforce system security policies over processes, files, sockets, and other objects, both kernel objects and some middleware or application layer objects.
Getting Started
Are you here just to fix a SELinux denial? Then go to Fix Policy Problems and see if that solves your problem for you.
A quick intro to SELinux concepts can be found in The SELinux Coloring Book.
Some user-oriented tutorials on SELinux are linked below.
-
Demystifying SELinux, 2013 OSCON.
-
Demystifying SELinux Part Two, 2014 OSCON.
-
Security-Enhanced Linux for Mere Mortals, 2018 Red Hat Summit.
The easiest way to get started with using or developing SELinux is to install a Linux distribution that supports it out of the box. Below are links to distribution-specific SELinux documentation, sorted alphabetically.
- Android SELinux documentation
- Debian SELinux documentation
- Fedora SELinux Getting Started Guide
- Gentoo SELinux documentation
- openSUSE SELinux documentation
- Red Hat Enterprise Linux Using SELinux Guide
- SUSE Linux Enterprise Server SELinux documentation
- Ubuntu SELinux documentation
Developer Information
General
- The SELinux Notebook is an upstream technical reference on SELinux, both kernel and userspace.
- Presentations and Papers provides links to a number of technical SELinux presentations and papers spanning its development.
Kernel developers
- SELinux kernel README
- SELinux kernel wiki
- SELinux kernel Getting Started guide
- Paul Moore’s blog (SELinux kernel maintainer)
- Linux kernel documentation
- Linux source code cross referencer