SELinux hint

Laurens Blankers laurens.blankers at gmail.com
Mon Jan 10 08:26:57 PST 2005


Hello all,

I am working on a SELinux enabled system based on LFS 6.0 and am
writing a hint in the process. SELinux is a kernel modification
originally by the NSA which adds fine-grained access control over
processes, files and network sockets. Most of it has been merged in
the 2.6 kernel.

This access control is particularly useful to people running daemons
such as bind, apache and postfix, because it enables them to restrict
these daemons to the absolute minimum permissions even when running as
root.

A very very rough alpha version of this hint is available at:

http://www.blankersfamily.com/lfs/selinux/

People that are interested in helping develop this hint and testing it
are very welcome to drop me a line.

My apologises for cross-posting this message to three lists. However
this hint seemed relevant to all three.

Sincerely,

Laurens



More information about the hlfs-dev mailing list