SELinux question (perhaps OT)

Robert Connolly robert at linuxfromscratch.org
Tue Mar 8 18:35:59 PST 2005


On March 8, 2005 02:20 pm, DHAJOGLO wrote:
> I have read a few articles about the Selinux project at NSA.  I am
> relatively new to detailed security with linux (HLFS is my first real
> security centric work with linux) so I'm not too keen on some details. 
> Based on the FAQ at the NSA, http://www.nsa.gov/selinux/info/faq.cfm it
> sounds as if the SELinux code is already in the 2.6 kernel.  Further, in
> their FAQ, changes to the Selinux can be obtained from them (or source
> forge) as they are available.
>
> So, does HLFS have a position on the Selinux project, or is it already
> present and just up the administrator to implement the security tools?

Although its not added to hlfs yet, we're most likely going to use grsecurity 
access control instead of selinux. Grsecurity's access controls are much 
easier to install and administrate, and there are some design advantages 
which may make it more secure. See http://www.grsecurity.net/ for more info, 
the lsm.php page talks about some disadvantages to the selinux design.

> Or, does the SELinux piece need to be added manually (it sounds like that
> at source forge: http://selinux.sourceforge.net/about.php3)?

You're free to use selinux if you want. Someone started an LFS hint here:

http://www.blankersfamily.com/lfs/selinux/

robert



More information about the hlfs-dev mailing list