Translations:SELinux/2/en

With SELinux, which works alongside the standard discretionary access control system (the DAC system is first checked and only when this would allow an activity, then SELinux is queried as well), processes run inside what it calls a domain. Privileges are then assigned to a domain to define the allowed interactions with other resources (be it processes, other domains, files, sockets, capabilities, file contexts, semaphores, messages, ...).