SELinux
Security-Enhanced Linux – a Linux kernel module and userspace tools for stronger access controls in the kernel.
I won't pretend to know anything about SELinux, but as I've sometimes had to deal with it on Arch Linux, I've taken down some notes here.
Cheatsheet
# view a file's context
$ secon --file FILE
# change a file's type to 'bin_t'
$ sudo chcon -t bin_t FILE
# see recent 'avc' (= denial) audit events
$ sudo ausearch -ts recent -m avc -i