Reading this ZDNet piece about upcoming releases from Novell and Red Hat, I see that Red Hat Enterprise Linux (RHEL) 4 is supposed to include Security-enhanced Linux (SELinux). This is not surprising, since Red Hat has used the last two Fedora Core releases to test SELinux. However, it's not clear that SELinux is quite ready for mass consumption.
For those not familiar with the technology, SELinux adds a different type of security model to Linux. The standard Linux/UNIX security model is Discretionary Access Control (DAC), based on permissions and ownership. For example, if you're logged into a Linux system as the root user, you can pretty much do anything on the system -- and so can any software that runs as root.
Apache is a good example of this. Apache and other services have to start as the root user in order to be able to bind to ports below 1024. (Apache runs on port 80.) You can configure Apache to switch users after doing so, but it's got full access to the system while running as root -- which means that if Apache is compromised somehow, it can do virtually anything on the system.
What if you want to limit Apache to binding to port 80 while running as root? Using the standard DAC model, you don't have that control. That's where SELinux comes in. SELinux implements Mandatory Access Control (MAC), which allows an administrator to set policies that govern all objects (this would include files, devices, etc.) and subjects (users and programs). In short, an admin can write a policy that grants permission to bind to port 80 without allowing any other nonsense. The concept of the all-powerful root user is done away with, which provides an opportunity for much-enhanced security on Linux systems.
I'm sold on SELinux's feature set. When well-configured, SELinux provides an additional layer of security that can make malware like the Santy worm a minor inconvenience, at worst.
However, SELinux is (to put it mildy) a little complex to learn and configure. Its policy syntax is arcane and its complexity is off-putting. In addition, setting new policies and modifying existing policies requires quite a bit of troubleshooting to get right. (A good example is excerpt from Bill McCarty's SELinux book.)
I'm sure Red Hat will ship RHEL 4 with a sane default policy, but it won't meet all organizations' needs. Given its complexity, it will be interesting to see how enterprise users react to SELinux, and whether it will be widely used.