“First released to the public in January 2001, Security-Enhanced Linux (SELinux) is a research project from the U.S. National Security Agency (NSA) that seeks to enhance the open source Linux kernel: to provide greater protection against corruption; to prevent the bypassing of application security procedures; and to mitigate the destruction caused by malicious or defective applications.

Normal Linux vs. SELinux
Normal Linux system security relies on the kernel and the dependencies created through the setuid/setgid binaries. Under the conventional security mechanism, an exploit of a flaw with any privileged application, configuration, or process running usually leads to a total system compromise. This problem is consistent with most modern operating systems due to their complexity and interoperability with other applications.

SELinux relies solely on the kernel and the security configuration policy. Once you configure the security system correctly, improper application configuration or exploits of flawed applications and daemons will only result in compromising the user program and its system daemons. The security of other user programs and daemons remains intact, along with the underlying security system structure.

In simpler terms: No single application configuration flaw or exploit can result in a total system compromise.

…You must have an existing Linux system to compile your new kernel and access to unmodified system packages.”