[RFC] SELinux security module 2.5.69

Stephen Smalley (sds@epoch.ncsc.mil)
07 May 2003 16:20:54 -0400

I am again requesting comments on the SELinux module prior to submitting
it. An updated version of the SELinux module for 2.5.69 is now
available from http://www.nsa.gov/selinux/lk/A07selinux.patch.gz. This
patch only modifies the security/ directory, updating its Makefile and
Kconfig and adding the selinux subdirectory and files under it. As with
the prior RFC posting, this patch depends on the A0[1-6]*.patch.gz
patches in the same directory that have been separately submitted, and
the full patch against 2.5.69 is
http://www.nsa.gov/selinux/lk/2.5.69-selinux1.patch.gz. Some
corresponding userland components are contained in
http://www.nsa.gov/selinux/lk/selinux-2.5.tgz.

Changes since the prior RFC posting include:
- Flattened the include hierarchy under security/selinux
- Dropped the special handling of proc inode labeling, to be
revisited later as a separate patch, possibly via xattr handlers
in the virtual filesystems to support security labeling.
- Dropped avc_d_path.
- Various code cleanups.

As before, documentation of SELinux can be found at
http://www.nsa.gov/selinux/docs.html. That documentation does not
reflect the changes to the SELinux API and implementation that we have
been making in preparing for submission to mainline 2.5, but is useful
in understanding the architecture and design. Background information
for the SELinux project is available at
http://www.nsa.gov/selinux/background.html.

-- 
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/