12 September 2023

With the update to Linux Kernel 6.6, SELinux breaks away from the NSA label

The update to Linux Kernel 6.6 removes all references to the NSA in SELinux, signaling its evolution as a community-driven security project.

SELinux, an acronym for Security Enhanced Linux, is an important security mechanism that has been integrated into the Linux kernel for about two decades. Despite the criticism and the tendency of some system administrators to disable it immediately after installing a new machine (“It's SELinux's fault”), this tool is one of the most sophisticated for system protection. It is particularly popular in Red Hat-based distributions, where it is used to protect machine workloads with a high degree of granularity.

Origins and Relationship with the NSA

One thing that many may not know is that SELinux was originally developed by the United States National Security Agency (NSA). Considering the function of this system, which is to protect data and services running on a Linux machine, the involvement of the national security agency seems almost obvious.

New Developments with the Linux Kernel 6.6

According to a recent report from Phoronix, the update to Linux Kernel 6.6 brought about a significant change: all references to the NSA within the source code have been removed. To be more specific, labels like “NSA SELinux Support” have been replaced by “SELinux Support”. This movement symbolizes SELinux's transition from an intelligence-related project to a community project.

This change is as significant as it is logical.

The pull request responsible for this change was made by Stephen Smalley, who "debranded" the SELinux section, removing any reference to the NSA name. Smalley justified his decision with the following words:

“We've come a long way from the original NSA submission and I would consider SELinux a true community project at this point so removing the NSA branding just makes sense.”

In translation, Smalley's words sound like this:

“We've come a long way since the NSA first introduced it and I would consider SELinux a true community project at this point, so removing the NSA branding just makes sense.”

It's been a long time since the NSA first introduced SELinux, and today the project has grown into a community-supported reality. Therefore, eliminating any references to the NSA in the source code is a logical and overdue step.

Insight into SELinux

SELinux works through a set of security policies that control access to files and execution of processes. It uses a label structure to ensure that only authorized processes have access to their respective system files and resources. In practice, this allows any intrusions or compromises to be contained, limiting the extent of the damage.

SELinux's effectiveness lies in its layered security model and its ability to apply granular policies. This makes it an extremely robust solution for organizations that need to protect sensitive data and critical applications.

For those who want to delve deeper into its functioning at a systemic level, we have talked about it in detail here: What is SELINUX?


With the arrival of Linux Kernel 6.6, SELinux finally breaks away from its NSA-related label, marking a new phase in its development as a community-driven security tool. Despite its roots, SELinux has earned its reputation as one of the most advanced and reliable Linux security tools, a go-to for system administrators interested in protecting their workloads.

Do you have doubts? Not sure where to start? Contact us

We have all the answers to your questions to help you make the right choice.

Chat with us

Chat directly with our presales support.


Contact us by phone during office hours 9:30 - 19:30

Contact us online

Open a request directly in the contact area.


ManagedServer.it is the leading Italian provider of high performance hosting solutions. Our subscription model is affordable and predictable, so customers can access our reliable hosting technologies, dedicated servers and the cloud. ManagedServer.it also offers excellent support and consulting services on Hosting of the main Open Source CMS such as WordPress, WooCommerce, Drupal, Prestashop, Magento.

Back to top