SElinux provides mandatory access controls that confine processes and restrict access between processes and files based on security contexts. It operates by default in enforcing mode, where no access is allowed unless explicitly granted by a policy rule. Users can view and manage security contexts, booleans that toggle rules, and troubleshoot issues using various GUI and command line tools.