SELinux, or Security-Enhanced Linux, is a Linux security module that adds mandatory access control (MAC) on top of normal file permissions. Instead of trusting a process just because it has the right user ID, SELinux can restrict what that process may read, write, execute, or connect to based on policy. This makes it harder for a compromised service to act outside its intended role.
In cyber security, SELinux matters because many attacks succeed only after an initial foothold is expanded into broader control. Strong SELinux policy can block exploit chains, limit container breakouts, and reduce the impact of privilege-escalation bugs by confining processes to narrow domains. Defenders use it as a layered control: it is not a substitute for patching, but it can prevent vulnerable or abused code paths from reaching sensitive files, devices, or kernel interfaces.
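When policy stops a confined process from reaching something outside its domain, the kernel records an AVC denial in the audit log, and that record is what defenders review. The sketch below is an added example, not part of the original page: it parses such records and counts enforced denials per source domain. The log lines are constructed samples, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample audit records in the kernel's AVC message layout.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1700000000.101:510): avc:  denied  { read } for  pid=2231 comm="httpd" name="shadow" dev="dm-0" ino=7341 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000003.412:511): avc:  denied  { name_connect } for  pid=2231 comm="httpd" dest=8443 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1700000003.412:511): arch=c000003e syscall=42 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1700000009.877:512): avc:  denied  { write } for  pid=880 comm="rsyslogd" name="app.log" dev="dm-0" ino=9920 scontext=system_u:system_r:syslogd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
"""

# Permissions, source/target contexts, object class, optional permissive flag.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+"
    r"tclass=(?P<tclass>\S+)(?:\s+permissive=(?P<permissive>[01]))?"
)
COMM_RE = re.compile(r'comm="([^"]*)"')

def context_type(context):
    # A context is user:role:type[:level]; the type is the third field.
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def parse_denials(log_text):
    denials = []
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # skip SYSCALL and other record types
        m = AVC_RE.search(line)
        if not m:
            continue
        comm = COMM_RE.search(line)
        denials.append({
            "comm": comm.group(1) if comm else None,
            "perms": m.group("perms").split(),
            "source": context_type(m.group("scontext")),
            "target": context_type(m.group("tcontext")),
            "tclass": m.group("tclass"),
            # permissive=1 means logged but allowed. Assumption: a record
            # without the field is treated as enforced.
            "blocked": m.group("permissive") != "1",
        })
    return denials

def blocked_by_domain(denials):
    # Count denials that were actually enforced, per confined source domain.
    return Counter(d["source"] for d in denials if d["blocked"])
```

On the constructed sample, the two `httpd_t` records are enforced denials, while the `syslogd_t` record was only logged because that domain was permissive.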



