Linux security module that restricts application capabilities, enforces mandatory access controls, and reduces system exposure through policy-based protections.