{"id":"selinux-complete-isolation-framework","text":"SELinux provides process and data isolation through the MAC framework (Type Enforcement + MCS category-based conjunction access control) complemented by polyinstantiation for per-user or per-security-level directory separation of shared paths like /tmp and /var/tmp.","truth_value":"IN","source":"","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"selinux-complete-isolation-framework","truth_value":"IN","reason":"premise"}]}}