SECURITY: NSA Security-enhanced Linux updated

From: Howard Holm (hdholm_at_epoch.ncsc.mil)
Date: 03/12/04

  • Next message: Frederick Noronha (FN): "Reports from Spain... and Namibia" 
    Date: Fri, 12 Mar 2004 12:35:13 CST

    The SELinux web site <http://www.nsa.gov/selinux/> including the mail
    list archive has been updated. The site includes a new release of the
    SELinux prototype. Experimental SELinux NFS code has been made
    available. The base kernel version for 2.4 has been updated to 2.4.25.
    The base version for 2.6 remains 2.6.3, but the SELinux patch has been
    updated. Among the improvements in this release: Fine-grained boolean
    labeling support has been merged. The userspace AVC has been enhanced to
    handle netlink selinux notifications. MLS improvements have been merged
    as well as updates to slat and the example policy.

    Security-enhanced Linux incorporates a strong, flexible mandatory
    access control architecture into the major subsystems of the Linux
    kernel. The system provides a mechanism to enforce the separation of
    information based on confidentiality and integrity requirements. This
    allows threats of tampering and bypassing of application security
    mechanisms to be addressed and enables the confinement of damage that
    can be caused by malicious or flawed applications. The SELinux web
    site <http://www.nsa.gov/selinux/> contains background information,
    documentation, source code, and archives for the selinux mailing-list. 

    -- 
Howard Holm <hdholm@epoch.ncsc.mil>
Office of Defensive Computing Research
National Security Agency
##########################################################################
# Send submissions for comp.os.linux.announce to: cola@stump.algebra.com #
# PLEASE remember a short description of the software and the LOCATION.  #
# This group is archived at http://stump.algebra.com/~cola/              #
##########################################################################
  • Next message: Frederick Noronha (FN): "Reports from Spain... and Namibia"

    Relevant Pages

    • SECURITY: NSA Security-enhanced Linux updated
      ... The SELinux web site including the mail ... The updated kernel patches include support ...
      (comp.os.linux.announce)
    • Re: [RESEND][RFC][PATCH 2/7] implementation of LSM hooks
      ... Would there be a reason to implement floating labels in SELinux? ... In this case fireflier would need to do only this: ... To have all tasks assigned a security structure, ... * A task has accessed this file, add the task's SID to the group SID of ...
      (Linux-Kernel)
    • Re: ssh -X shop problem...
      ... outside security is delegated to the x86 version of DD-WRT. ... If this install would have Just Workedfrom the gitgo, ... Then yesterday there was a whole gaggle of selinux related stuff that yum ... PAM security session: Success ...
      (Fedora)
    • Re: Root access removed
      ... >>A little bit if time spent on education is much better in the long run ... >proper rennet mixture for curdling, oleo versus diary mixture to meet USDA ... >This is again where a well-configured SELinux setup will solve many problems. ... >technologies should be thought of as ways to improve both security of the ...
      (Fedora)
    • Re: Penalty of SELinux?
      ... Debian has SELinux, although Ubuntu now has ... security, in my opinion -- since it is oh so very easily ... People in the security field believe that pathnames are an ... used for DAC. ...
      (Debian-User)