New release of the LSM-based SELinux prototype
Source: NSA.gov - Posted by Benjamin D. Thomas   
SELinux The SELinux web site including the mail list archive has been updated. The site includes a new release of the LSM-based SELinux prototype. This release contains many bug fixes and improvements to both LSM and SELinux and is based on the . . . The SELinux web site including the mail list archive has been updated. The site includes a new release of the LSM-based SELinux prototype. This release contains many bug fixes and improvements to both LSM and SELinux and is based on the lsm-2001_09_23 patch against kernel 2.4.10. The release includes new and reworked hooks to control additional operations.

The policy now includes hwclock_t and ping_t domains for hwclock and ping (from David Wheeler,) an ipsec_t domain for the FreeSWAN IKE daemon and programs (from Mark Westerman,) and an httpd_t domain for Apache (from MITRE.) None of these has been extensively tested by the NSA SELinux team, and they may require some additional work. Note that we have not yet included any FreeSWAN or Apache components in the material distributed with SELinux.

We have chosen not to release patches to our previous patches. You will need a complete set of patches or the complete (already patched) source code. We believe that the patches to patches were not being utilized enough to justify the work to create them. If you would rather apply updates as patches to our previous patches, please notify me directly at the address below so we can gauge the interest.

--
Howard Holm
Secure Systems Research Office
National Security Agency

Only registered users can write comments.
Please login or register.

Powered by AkoComment!