sVirt – SELinux and virtualization
Security-Enhanced Linux (SELinux) is a Linux module that was originally developed by the United States National Security Agency (NSA) in 1998 and has been part of the mainline Linux kernel since version 2.6.0 (August 2003). Since then, Red Hat, Secure Computing Corporation, and many other companies have helped improve it.
SELinux implements a MAC architecture directly in the Linux kernel, limiting user access to all resources: files, network devices, or any other kind of resource. SELinux integrates with the standard UNIX DAC system but works differently. In fact, it does not recognize root as a privileged user, nor does it honor any of the shortcuts built to bypass security limitations in UNIX DAC (for example, the setuid and setgid mechanisms). To identify who can do what, each resource has an SELinux context that looks like this:
system_u:object_r:httpd_sys_content_t:s0
It is composed of a user (system_u), a role (object_r), a type...
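The context format described above, as an added example that is not part of the original text: a small Python parser that splits a label into its fields. The names parse_context and categories are hypothetical, the svirt_t label in the comments is a constructed sample, and the example assumes the fourth field is the MLS/MCS level, which can contain colons of its own.

```python
from typing import NamedTuple, Optional


class SELinuxContext(NamedTuple):
    user: str
    role: str
    type: str
    level: Optional[str]  # e.g. "s0" or "s0:c10,c20"; None when absent


def parse_context(label: str) -> SELinuxContext:
    """Split an SELinux context string into user, role, type and level.

    Only the first three colons are separators: the level field may itself
    contain ':' (sensitivity:categories), so a plain split(':') would
    mis-parse a constructed label such as system_u:system_r:svirt_t:s0:c10,c20.
    """
    parts = label.strip().split(":", 3)
    if len(parts) < 3 or not all(parts):
        raise ValueError(f"not an SELinux context: {label!r}")
    level = parts[3] if len(parts) == 4 else None
    return SELinuxContext(parts[0], parts[1], parts[2], level)


def categories(ctx: SELinuxContext) -> frozenset:
    """Return the category numbers of a single-level context.

    Handles lists (c10,c20) and dotted spans (c0.c3). Low-high level
    ranges (s0-s0:c0.c1023) are rejected rather than guessed at.
    """
    if ctx.level is None:
        return frozenset()
    if "-" in ctx.level:
        raise ValueError("low-high level ranges are not handled here")
    if ":" not in ctx.level:
        return frozenset()  # sensitivity only, e.g. "s0"
    cats = set()
    for item in ctx.level.split(":", 1)[1].split(","):
        low, _, high = item.partition(".")
        first = int(low[1:])                  # strip the leading "c"
        last = int(high[1:]) if high else first
        cats.update(range(first, last + 1))
    return frozenset(cats)


if __name__ == "__main__":
    for sample in ("system_u:object_r:httpd_sys_content_t:s0",
                   "system_u:system_r:svirt_t:s0:c10,c20"):  # constructed
        ctx = parse_context(sample)
        print(ctx, sorted(categories(ctx)))
```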