Red Hat Security Enhanced Linux (SELinux) – provides an additional layer of system security. SELinux fundamentally answers the question: „May <subject> do <action> to <object>“, for example: „May a web server access files in users‘ home directories?“. The standard access policy based on the user, group, and other permissions, known as Discretionary Access Control (DAC), does not enable system administrators to create comprehensive and fine-grained security policies, such as restricting specific applications to only viewing log files, while allowing other applications to append new data to the log files