From Fedora Project Wiki
< SELinux
fp-wiki>ImportUser (Imported from MoinMoin) |
|||
(3 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
{{Update}} | |||
= Multi Level Security / LSPP Overview = | = Multi Level Security / LSPP Overview = | ||
Line 31: | Line 33: | ||
|SELinux reference policy || http://serefpolicy.sourceforge.net/ || The new framework for an all-in-one modular policy | |SELinux reference policy || http://serefpolicy.sourceforge.net/ || The new framework for an all-in-one modular policy | ||
|- | |- | ||
|Reference policy RPMs || ftp://people.redhat.com/dwalsh/SELinux/fedora/ || Dan Walsh's YUM repository for SELinux reference policy RPM packages; these usually get propagated to Rawhide after couple of hours | |Reference policy RPMs || ftp://people.redhat.com/dwalsh/SELinux/fedora/ || Dan Walsh's [[dnf|DNF]]|YUM repository for SELinux reference policy RPM packages; these usually get propagated to Rawhide after couple of hours | ||
|- | |- | ||
|SELinux for Distributions || http://selinux.sourceforge.net/ || General development and NSA CVS archive | |SELinux for Distributions || http://selinux.sourceforge.net/ || General development and NSA CVS archive | ||
|- | |- | ||
|LSPP kernel || http://people.redhat.com/sgrubb/files/lspp/ || Bleeding edge LSPP development kernel YUM repository | |LSPP kernel || http://people.redhat.com/sgrubb/files/lspp/ || Bleeding edge LSPP development kernel [[dnf|DNF]]|YUM repository | ||
|- | |- | ||
|audit || ftp://ftp.uk.linux.org/pub/people/dwmw2/audit/ || David Woodhouse's audit packages, note the kernels here are for CAPP systems not LSPP | |audit || ftp://ftp.uk.linux.org/pub/people/dwmw2/audit/ || David Woodhouse's audit packages, note the kernels here are for CAPP systems not LSPP | ||
Line 52: | Line 54: | ||
* [http://www.commoncriteriaportal.org/public/consumer/index.php?menu=5 Common Criteria Protection Profiles] | * [http://www.commoncriteriaportal.org/public/consumer/index.php?menu=5 Common Criteria Protection Profiles] | ||
[[Category:SELinux]] |
Latest revision as of 08:28, 8 October 2015
Multi Level Security / LSPP Overview
The MLS functionality in SE Linux is being developed as part of the Common Criteria LSPP certification work. The LSPP work aims to get LSPP , RBAC , and CAPP certification at EAL 4+
This link from James Morris blog has a lot of background information on the LSPP work.
Chris Runge Paper: The Path to Multi-Level Security in Red Hat Enterprise Linux
Mailing lists
Name | Information and archive | Comments |
selinux | http://www.nsa.gov/selinux/info/list.cfm?MenuID=41.1.1.9 / http://marc.theaimsgroup.com/?l=selinux&r=1&w=2 | General SELinux development discussions |
linux-audit | https://www.redhat.com/mailman/listinfo/linux-audit | Auditing specific issues |
redhat-lspp | https://www.redhat.com/mailman/listinfo/redhat-lspp | LSPP on RedHat development |
fedora-selinux | https://www.redhat.com/mailman/listinfo/fedora-selinux-list | Fedora specific SELinux issues |
Projects and Repositories
Name | Information and archive | Comments |
SELinux reference policy | http://serefpolicy.sourceforge.net/ | The new framework for an all-in-one modular policy |
Reference policy RPMs | ftp://people.redhat.com/dwalsh/SELinux/fedora/ | Dan Walsh's DNF|YUM repository for SELinux reference policy RPM packages; these usually get propagated to Rawhide after couple of hours |
SELinux for Distributions | http://selinux.sourceforge.net/ | General development and NSA CVS archive |
LSPP kernel | http://people.redhat.com/sgrubb/files/lspp/ | Bleeding edge LSPP development kernel DNF|YUM repository |
audit | ftp://ftp.uk.linux.org/pub/people/dwmw2/audit/ | David Woodhouse's audit packages, note the kernels here are for CAPP systems not LSPP |
devallocator | http://sourceforge.net/projects/devallocator/ | TCS Device Allocation |
Links
- MCS Policy - MCS is based on the same kernel features so much of the MLS development work applies to it. Also as MCS will be vastly more popular than MLS it's expected that many applications will get support for MCS which can then be used for MLS at a later time.
- Introduction to the Common Criteria , see page 11 and 12 for a description of EAL