Status: IN
SELinux provides process and data isolation through its mandatory access control (MAC) framework, which combines Type Enforcement (TE) with Multi-Category Security (MCS) category-based conjunction access control. Polyinstantiation complements this by giving each user or security level its own separate instance of shared directories such as /tmp and /var/tmp.
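The following added example (not taken from SELinux or from this page's source) models how the two MAC checks combine: access needs a TE allow rule for the type pair and the source must hold every category on the target. It is a simplified model that compares only the high level's categories; the rule table, the labels and the function names are constructed for illustration.

```python
import re

def parse_categories(spec):
    """Expand an MCS category list such as 'c0.c3,c7' into a set of ints."""
    cats = set()
    for part in filter(None, spec.split(",")):
        m = re.fullmatch(r"c(\d+)(?:\.c(\d+))?", part)
        if not m:
            raise ValueError(f"bad category spec: {part!r}")
        lo = int(m.group(1))
        hi = int(m.group(2) or lo)
        cats.update(range(lo, hi + 1))
    return cats

def parse_context(ctx):
    """Return (type, categories of the high level) for 'user:role:type:mls'."""
    parts = ctx.split(":", 3)
    if len(parts) != 4:
        raise ValueError(f"not a full security context: {ctx!r}")
    high = parts[3].split("-")[-1]  # 's0-s0:c0.c1023' -> 's0:c0.c1023'
    return parts[2], parse_categories(high.partition(":")[2])

def access_allowed(source, target, tclass, perm, allow_rules):
    """Both checks must pass: a TE allow rule AND MCS category dominance."""
    s_type, s_cats = parse_context(source)
    t_type, t_cats = parse_context(target)
    te_ok = perm in allow_rules.get((s_type, t_type, tclass), set())
    mcs_ok = t_cats <= s_cats  # source holds every category on the target
    return te_ok and mcs_ok

# Constructed sample policy and labels (sVirt-style), for illustration only.
RULES = {("svirt_t", "svirt_image_t", "file"): {"read", "write"}}
VM1 = "system_u:system_r:svirt_t:s0:c10,c20"
DISK1 = "system_u:object_r:svirt_image_t:s0:c10,c20"
DISK2 = "system_u:object_r:svirt_image_t:s0:c30,c40"

if __name__ == "__main__":
    for tgt, perm in [(DISK1, "read"), (DISK2, "read"), (DISK1, "execute")]:
        print(tgt, perm, access_allowed(VM1, tgt, "file", perm, RULES))
```

The second case fails on MCS even though the types match, and the third fails on TE even though the categories match, which is why two processes of the same type are still isolated from each other's data.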