From Fedora Project Wiki
< SELinux
m (1 revision(s)) |
(outdated links; lack of in-depth info) |
||
Line 1: | Line 1: | ||
{{Update}} | |||
= Multi Level Security / LSPP Overview = | = Multi Level Security / LSPP Overview = | ||
Revision as of 08:03, 5 April 2014
Multi Level Security / LSPP Overview
The MLS functionality in SE Linux is being developed as part of the Common Criteria LSPP certification work. The LSPP work aims to get LSPP , RBAC , and CAPP certification at EAL 4+
This link from James Morris blog has a lot of background information on the LSPP work.
Chris Runge Paper: The Path to Multi-Level Security in Red Hat Enterprise Linux
Mailing lists
Name | Information and archive | Comments |
selinux | http://www.nsa.gov/selinux/info/list.cfm?MenuID=41.1.1.9 / http://marc.theaimsgroup.com/?l=selinux&r=1&w=2 | General SELinux development discussions |
linux-audit | https://www.redhat.com/mailman/listinfo/linux-audit | Auditing specific issues |
redhat-lspp | https://www.redhat.com/mailman/listinfo/redhat-lspp | LSPP on RedHat development |
fedora-selinux | https://www.redhat.com/mailman/listinfo/fedora-selinux-list | Fedora specific SELinux issues |
Projects and Repositories
Name | Information and archive | Comments |
SELinux reference policy | http://serefpolicy.sourceforge.net/ | The new framework for an all-in-one modular policy |
Reference policy RPMs | ftp://people.redhat.com/dwalsh/SELinux/fedora/ | Dan Walsh's YUM repository for SELinux reference policy RPM packages; these usually get propagated to Rawhide after couple of hours |
SELinux for Distributions | http://selinux.sourceforge.net/ | General development and NSA CVS archive |
LSPP kernel | http://people.redhat.com/sgrubb/files/lspp/ | Bleeding edge LSPP development kernel YUM repository |
audit | ftp://ftp.uk.linux.org/pub/people/dwmw2/audit/ | David Woodhouse's audit packages, note the kernels here are for CAPP systems not LSPP |
devallocator | http://sourceforge.net/projects/devallocator/ | TCS Device Allocation |
Links
- MCS Policy - MCS is based on the same kernel features so much of the MLS development work applies to it. Also as MCS will be vastly more popular than MLS it's expected that many applications will get support for MCS which can then be used for MLS at a later time.
- Introduction to the Common Criteria , see page 11 and 12 for a description of EAL