- Abbreviations and Terminology
- SELinux Overview
- Core Components
- Mandatory Access Control (MAC)
- SELinux Users
- Role-Based Access Control (RBAC)
- Type Enforcement (TE)
- Security Context
- Subjects
- Objects
- Computing Security Contexts
- Computing Access Decisions
- Domain and Object Transitions
- Multi-Level and Multi-Category Security
- Types of SELinux Policy
- Permissive and Enforcing Modes
- Auditing Events
- Polyinstantiation Support
- PAM Login Process
- Linux Security Module and SELinux
- Userspace Libraries
- Networking Support
- Virtual Machine Support
- X-Windows Support
- SE-PostgreSQL Support
- Apache-Plus Support
- SELinux Configuration Files
- SELinux Policy Languages
- CIL Policy Language
- Kernel Policy Language
- Policy Configuration Statements
- Default Rules
- User Statements
- Role Statements
- Type Statements
- Bounds Rules
- Access Vector Rules
- Extended Access Vector Rules
- Object Class and Permission Statements
- Conditional Policy Statements
- Constraint Statements
- MLS Statements
- Security ID (SID) Statement
- File System Labeling Statements
- Network Labeling Statements
- InfiniBand Labeling Statements
- XEN Statements
- Modular Policy Support Statements
- The Reference Policy
- Hardening SELinux
- Implementing SELinux-aware Applications
- Embedded Systems
- SE for Android
- Appendix A - Object Classes and Permissions
- Appendix B - libselinux API Summary
- Appendix C - SELinux Commands
- Appendix D - Debugging Policy - Hints and Tips
- Appendix E - Policy Validation Example