Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Linux Security Modules Project Update 8

James Morris writes: "Here's an update on the Linux Security Modules project (LSM). In April last year, the NSA proposed SELinux at the first Linux Kernel Summit. Following feedback from Linus, the LSM project was initiated by Crispin Cowan to develop a generic access control framework for Linux which would allow different types of security policies to be implemented as loadable kernel modules. Rather than having to choose one security model, LSM aims to provide a framework for incorporating a variety of advanced security mechanisms into Linux with a minimal effect on the base kernel. This week, Chris Wright (the principal maintainer) formally announced patches for the 2.4 and 2.5 kernels. Chris will be presenting LSM at this year's Kernel Summit and giving a talk at OLS, hopefully kicking off discussion on acceptance of LSM into the main kernel. Projects which have already been ported to LSM include SELinux, LIDS, DTE, Openwall and Posix.1e Capabilities. Check out the newly re-vamped web site for downloads, documentation and general information."
This discussion has been archived. No new comments can be posted.

Linux Security Modules Project Update

Comments Filter:
  • by Anonymous Coward
    -NSA SELinux is OPEN SOURCE! Scared about backdoors? Then read the code yourself. No time or ability? It (the code) has been audited by a third party, nothing questionable was found.

    -NSA's mission is two-fold - (1) collect intelligence (2) develop secure systems suitable for military use. SE Linux falls under #2

    -Why did this keep-everything-secret agency release it publicly? GNU General Public License.

    -Who provides funding? American Taxdollars. Look at it as return on your income tax.
  • by Anonymous Coward
    It seems like everyday more and more Governments are using Linux as a solution to their computing needs. Checkout what the NSA is working on [] for Linux (including source). EVEN the US government is using Linux ( micro$oft home base) is located !!
    Here's an intresting article [] from Wired [] that covers Linux use expansion into governments. Finally the government is waking up to the fact that our tax dollars do not havto goto those greedy bastards.
  • Unfortunately, at this stage, LSM doesn't yet have the hooks to support C2-style auditing, although Crispin and I have exchanged a few ideas about this in the past.

    For those that need this capability, have a look at SNARE - ml

    Snare operates by intercepting system-calls at the moment, but the goal is to integrate into LSM in the future.
    • Note though, that a facility to support auditing modules (like Snare hopefully!) is being worked on.
      - see this thread for more information: od ule/2001-June/thread.html#897

Whenever people agree with me, I always think I must be wrong. - Oscar Wilde