Status: IN
SELinux on RHEL 9 provides a mandatory access control framework: layered enforcement (DAC → Type Enforcement → MCS), full mode lifecycle management (install-default enforcing → runtime toggle → persistent config → safe re-enable procedure), and fine-grained category-based isolation (1024 categories, conjunction access rule, post-DAC/TE evaluation).