Hacker News new | comments | show | ask | jobs | submit login

SELinux does not aim to protect or harden the kernel. SELinux aims to enforce a more complicated(maybe expressive), MAC policy on the filesystem and a few related objects. The SELinux threat model is helpless against a kernel vulnerability because it does not address application security.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact