
	Where results make sense

Topic: SELinux

Related Topics

Coleus

Ammianus

Meteorite

Hainan

Goth

Poirot

North Atlanta, Georgia

Face

Ironman

Iliad

Shangyuchem

Gers

Adeona

President of Russia

President of Chile

In the News (Thu 24 Dec 09)

Northern Trust

Marvin Harrison

Peter Chernin

Gary Locke

Match Play

Penelope Cruz

Mickey Rourke

AR Rahman

Danny Boyle

Hugh Jackman

	SELinux - Debian Wiki
		SELinux was initially a project to port the work developing a mandatory access control architecture done by the National Security Agency (NSA) and the Secure Computing Corporation (SCC) on the Mach and Fluke OS's to Linux.
		The SELinux support is in constant flux, so it is generally recommended that you use an up-to-date installation of unstable if you want to experiment with SELinux (for instance, the Debian packaged kernels did not include "audit" support until version 2.6.13).
		Alioth repository, mainly with backports of SELinux to Sarge.
	wiki.debian.org /SELinux (250 words)

	Networking in NSA Security-Enhanced Linux
		SELinux uses this hook to verify that the NET_ADMIN capability was copied to the packet during transmission and, thus, whether the sending process had the capability.
		SELinux also is able to determine with the selinux_netlink_send hook whether messages on certain types of Netlink sockets are read or write operations and then apply the nlmsg_read or nlmsg_write permissions, respectively.
		An earlier version of SELinux used IP options to label packets, although it was dropped before merging with the upstream kernel as the hooks it needed were too invasive.
	www.intercode.com.au /jmorris/selinux-networking-lj.html (2852 words)

	Kernel Korner - Filesystem Labeling in SELinux
		In SELinux, important objects, such as tasks, inodes and files are assigned a security context, a label that encapsulates the security attributes associated with an object.
		SELinux has hooks located at strategic points within the core kernel code, such as the point where a file is about to be read by a user.
		During an SELinux system installation, the setfiles(8) utility typically is used to label all of the files in filesystems that support EA security labeling.
	www.linuxjournal.com /node/7426/print (3120 words)

	Security-Enhanced Linux - Wikipedia, the free encyclopedia
		Security-Enhanced Linux (SELinux) is an implementation of mandatory access control using Linux Security Modules (LSM) in the Linux kernel, based on the principle of least privilege.
		A Linux kernel integrating SELinux enforces mandatory access control policies that confine user programs and system servers to the minimum amount of privilege they require to do their jobs.
		Note that administrators specify paths as part of SELinux configuration (mapping pathname regular expressions to file security contexts in the file_contexts configuration) and as arguments to utilities like chcon that are analogous to chown/chmod.
	en.wikipedia.org /wiki/SELinux (1092 words)

	Linux.com \| SELinux: Playing with fire (Site not responding. Last check: 2007-10-13)
		SELinux started life in early 1990s as Flask, a secure architecture for a secure OS, and prototyped in the Fluke operating system, the result of a joint effort by the U.S. National Security Agency, Secure Computing Corp., and the University of Utah's Flux research group.
		SELinux needs a policy to determine whether a requested operation is to be allowed or not.
		SELinux uses three security attributes: user identity (the SELinux user account), role (a set of permissions for users), and type (groups of related subjects and objects).
	security.linux.com /security/05/01/25/1423211.shtml (1556 words)

	Installing SELinux on Fedora / RedHat (Site not responding. Last check: 2007-10-13)
		Of the other SELinux patches, the most critical patches are the ones for init (sysvinit-selinux.patch), pam (pam-selinux.patch), sshd (openssh-selinux.patch), and crond (vixie-cron-selinux.patch).
		The SELinux wrappers for programs that modify /etc/passwd and /etc/shadow (in order to preserve their security contexts and to ensure that uid 0 cannot arbitrarily change other users' information) have been reimplemented as direct patches to various packages (util-linux, shadow-utils, passwd, libuser, pam, pwdb, etc).
		A core set of SELinux patches and SRPMs that include them are available in the patches and SRPMS subdirectory for reference; these packages are from the Fedora Core Development tree.
	www.crypt.gen.nz /selinux/install_fedora.html (2807 words)

	LWN: First SELinux impressions
		SELinux introduces new layers of security, enforced by the kernel, in addition to the standard Discretionary Access Control (DAC) model that Linux users are already familiar with.
		SELinux FAQ notes that SELinux decreased performance by 7% for "completely untuned code" when SELinux was last tested and may have become worse due to changes made since then.
		I'm sure that SELinux will be a great benefit in some areas, but the complexity (necessary as it is) still concerns me. Both from a configuration standpoint (though again, good defaults could go a long way), and from a code-complexity standpoint (more complex code being prone to more bugs).
	lwn.net /Articles/79425 (1890 words)

	Think before deploying Security-Enhanced Linux in RHEL 4
		SELinux is an open source project sponsored by the National Security Agency, to help implement mandatory access control.
		In SELinux, privileges are specified rather then relying on the typical Unix/Linux method of doing things, which is by user and group.
		This shows that SELinux is running (and enabled), the mount point for this file system, the mode that I am running in (permissive mode) and the policy version, which shows the version that is supported by the kernel.
	searchopensource.techtarget.com /tip/0,289483,sid39_gci1082560,00.html (1138 words)

	selinux (Site not responding. Last check: 2007-10-13)
		NSA Security-Enhanced Linux (SELinux) is an implementation of a flexi- ble mandatory access control architecture in the Linux operating sys- tem.
		The permissive option enables the SELinux code, but causes it to operate in a mode where accesses that would be denied by policy are permitted but audited.
		SELinux allows for multiple policies to be installed on the system, but only one policy may be active at any given time.
	gd.tuwien.ac.at /.vhost/linuxcommand.org/man_pages/selinux8.html (566 words)

	The UnOfficial SELinux FAQ (Site not responding. Last check: 2007-10-13)
		SELinux was originally developed by the NSA with cooperation from various contractors such as MITRE and NAI Labs.
		SELinux is one of the very few practical operating systems available which can provide such a level of protection.
		SELinux itself is not a distribution - it is a set of features that Linux distributions can include with their installations.
	www.crypt.gen.nz /selinux/faq.html (7046 words)

	Welcome to Hitachi Software's SELinux site.
		Defining security policies in SELinux is really complecated since they includes more than 200 definition files and 10,000 lines in total.
		SELinux Policy Editor is designed to be add-in module to Webmin.
		SELinux Policy Editor uses own language as a intermidiate language for configuring security policies.
	www.selinux.hitachi-sk.co.jp /en/tool/selpe/selpe-top.html (223 words)

	SELinux Frequently Asked Questions (FAQ)
		SELinux support is already included in the mainline Linux 2.6 kernel available from kernel.org.
		The core SELinux userland code consists of a a library for binary policy manipulation (libsepol), a policy compiler (checkpolicy), a library for security-aware applications (libselinux), a library for policy management tools (libsemanage), and several policy-related utilities (policycoreutils).
		Originally, SELinux only provided source compatibility for existing kernel modules; it was necessary to recompile such modules against the modified kernel headers to pick up the new security fields added to the kernel data structures.
	www.nsa.gov /selinux/info/faq.cfm (2607 words)

	Hacks From Pax: SELinux Administration - The Community's Center for Security (Site not responding. Last check: 2007-10-13)
		If you want to completely disable SELinux, you can pass selinux=0 to the kernel command line at startup, but this is not advisable since it disables SELinux entirely and any new files will not be labeled with the correct file context, forcing you to relabel when you re-enable SELinux.
		SELinux file types are attched to each file on your SELinux system using extended file attributes.
		The use of these attributes is integral and required by SELinux, and has some system administration ramifications you should be aware of.
	www.linuxsecurity.com /content/view/120700/49 (1255 words)

	danwalsh: Linux fragmentation - a view from the Security community
		SELinux has been available to the open source community for many years, and is now a standard part of RH's install.
		SELinux and AppArmor are already sharing the code that we agree upon: LSM http://lsm.immunix.org/ which was developed jointly by Immunix and SELinux, as well as numerous other open source contributors.
		SELinux and LSM are not the be all and end all of security.
	danwalsh.livejournal.com /424.html (5827 words)

	redhat.com \| Red Hat Magazine - What is Security-Enhanced Linux?
		SELinux permits restricting which files each process can access and what level of access is to be granted.
		When starting with SELinux, note that there is a kernel parameter of enforcing which determines whether the kernel is in enforcing or permissive mode.
		SELinux in Fedora is supported in the #fedora-selinux channel on the irc.freenode.net IRC server and on the Fedora SELinux mailing list http://www.redhat.com/mailman/listinfo/fedora-selinux-list.
	www.redhat.com /magazine/001nov04/features/selinux (4246 words)

	SPARTA ISSO (Site not responding. Last check: 2007-10-13)
		SELinux is based on the Flask security architecture for flexible mandatory access controls.
		SELinux inserts code into the process management, file system, and networking code of the Linux kernel that makes calls to the security server to obtain security decisions and that applies these decisions to label and control processes and kernel objects such as files, sockets, and System V IPC objects.
		SELinux is licensed under the GNU General Public License.
	opensource.nailabs.com /selinux (419 words)

	Under... SELinux standing ! \| Nuxified Forums (Free Software and GNU/Linux help) (Site not responding. Last check: 2007-10-13)
		Security-enhanced Linux (SELinux) is an implementation of a mandatory access control (MAC) mechanism.
		SELinux runs under the correct policy, but does allow you to login if there is a problem such as incorrect file context labeling.
		Rather than fully disabling SELinux in the kernel, the disabled setting instead turns enforcing off and skips loading a policy.
	www.nuxified.org /under_selinux_standing (791 words)

	Gentoo Linux Projects -- SELinux
		Security-Enhanced Linux (SELinux) is a system of mandatory access control using type enforcement and role-based access control.
		In addition to the kernel portion, SELinux consists of a library (libselinux) and userland utilities for compiling policy (checkpolicy), and loading policy (policycoreutils), in addition to other user programs.
		Then ask if there are plans to support something that you are interested in, propose a new subproject that you are interested in or choose one of the planned subprojects to work on.
	www.gentoo.org /proj/en/hardened/selinux/index.xml (508 words)

	Selinux on FC5
		Selinux can be confusing, but it's ordinary and default configuration is actually pretty simple.
		The idea here is that Selinux can prevent these daemons from misbehaving even if they escape from the ordinary permissions and controls that surround them.
		Nothing else has changed: the directory permissions still allow Apache to create the file, but Selinux does not because we gave the directory a security context that httpd is not allowed to write to.
	aplawrence.com /Linux/basic_selinux.html (564 words)

	Security Enhanced Linux (Site not responding. Last check: 2007-10-13)
		SELinux is a set of alterations made to the Linux kernel by the United States National Security Agency (NSA) for the purpose of bringing the capabilities of the Linux kernel up to Orange Book Class B1 security, meaning it implements mandatory access control limits.
		SELinux has been a part of the mainline kernel since the release of 2.6.
		SELinux works by defining a set of capabilities and laying out the relationship between processes trying to apply those capabilities to other objects or processes.
	www.ultimateevil.org /~jeff/uuasc-2006-07-13.html (1227 words)

	O'Reilly -- Safari Books Online - SELinux
		Selinux is a conscious attempt to fundamentally rework and improve linux security.
		The presentation of SeLinux is straightforward and the security model is presented in a writing style that makes it clear and understandable to the reader.
		SeLinux: NSA's Open Source Security Enhanced Linux is highly recommended as both a Linux security solution and an excellent book on how to utilize all the resources of SeLinux.
	safari.oreilly.com /0596007167 (1269 words)

	SELinux for Distributions (Site not responding. Last check: 2007-10-13)
		Although NSA affiliates participate in some aspects of this project to pursue NSA SELinux research goals, the project and its products are not endorsed or evaluated by NSA.
		The software available from this project is subject to the same legal disclaimers as the original NSA SELinux prototype.
		Although NSA affiliates may have participated in this project and undertaken or suggested some project work, this project is not sponsored by NSA and nothing here constitutes a request for proposal or a commitment by the National Security Agency to anyone for the procurement of equipment, services, or any obligation.
	selinux.sourceforge.net (263 words)

	SELinux and problems with Cacti... (Site not responding. Last check: 2007-10-13)
		SELinux is a very good idea, but currently causes problems with cacti.
		Security-enhanced Linux is a research prototype of the LinuxÂ® kernel and a number of utilities with enhanced security functionality designed simply to demonstrate the value of mandatory access controls to the Linux community and how such controls could be added to Linux.
		If you have SElinux enable and are trying to use Cacti, the kernel should send alerts to syslog saying Apache is trying to do something it isn't authorized to.
	forums.cacti.net /post-32783.html (549 words)

	SELinux News
		This appears to be a very comprehensive book, including very detailed explanations of the policy language, how to use SELinux to achieve specific security goals, and information on recent features including the new policy infrastructure (much of which was developed by the authors).
		The SELinux Symposium has posted its dates and the call for papers for 2007.
		This is the result of a project by Manoj Srivastava to further the initial Debian SELinux work by Russell Coker, re-syncing with upstream and incorporating SELinux into the mainstream Debian project.
	selinuxnews.org /wp (431 words)

	SELinuxSetup - Debian Wiki
		SELinux differs from regular Linux that it has additionally to the traditional "user id" a SELinux user, a role and a type for each file and process.
		Currently there is no SELinux policy for regular locate to work flawlessly, so it is recommended to disable it on SELinux boxes.
		When you are running SELinux, the security gain by doing an additional chroot is rather limited, whereas the security risks of being allowed to setup the chroot are considered higher.
	wiki.debian.org /SELinuxSetup (751 words)

	SELinux/FC5Features - Fedora Project Wiki
		Most of the new features are the building blocks to making SELinux easier to use and allow higher level applications manipulate an SELinux environment.
		This tools also comes with a python object seobject.py file that encapsulates most of the semanage functionality and could eventually be the basis for build GUI management tools (hint!!!).
		Also most of the other libraries in SELinux have had python wrapper classes developed so that you can call most of the functions from python.
	fedoraproject.org /wiki/SELinux/FC5Features (976 words)

	SELinux and UML (Site not responding. Last check: 2007-10-13)
		Running SELinux on the guest is quite easy if the distribution used supports it out of the box.
		We provide an image based on the Gentoo 2005.1 SELinux profile, which can be used using a kernel with SELinux enabled (all of these kernels do).
		SELinux can be used to lock down UML instances, controlling precisely which resources the instances are allowed to use and preventing a compromised instance from being used to get through to the host.
	uml.nagafix.co.uk /SELinux (430 words)

	MITRE - Security-Enhanced Linux
		SELinux addresses the threats of tampering and the bypass of application security mechanisms, and can strictly confine any damage caused by malicious or flawed applications.
		Since then, MITRE's contribution to the SELinux community has been two-fold: development of individual application policies (roughly between 2000 and 2002), and the design and development of SELinux policy management tools.
		MITRE's SELinux group has published a small number of papers on the theory and applications of this technology.
	www.mitre.org /tech/selinux (709 words)

Try your search on: Qwika (all wikis)