Skip top menus
National Security Agency and Central Security Service with agency logos.NSA/CSS Memorial Wall
Home    About NSA    Research    Business    Careers    Public Info    History
Introduction to Research    Security-Enhanced Linux    Information Assurance Research    Technology Transfer    Publications    Related Links

>>SELinux Mailing List: by thread

Search
What's new?
Contents
Overview
What's New
Frequently Asked Questions
Background
Documentation
License
Download
Participating
Mail List
Archive Summary
Archive by Thread
Archive by Author
Archive by Date
Archive by Subject
Remaining Work
Contributors
Related Work
Press Releases
  • Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
From: Howard Holm <hdholm_at_epoch.ncsc.mil>
subject: Updated release
Date: Thu, 27 Sep 2001 18:11:05 -0400
  • This message: [ Message body ]
  • Next message: Grant Bayley: "Re: Updated release"
  • Previous message: Chris Vance: "Re: I can ' t use named on LSM-based Prototype. Why?"
  • In reply to: Howard Holm: "Updated release"
  • Next in thread: Grant Bayley: "Re: Updated release"
  • Reply: Grant Bayley: "Re: Updated release"
  • Reply: Conan Callen: "Re: Updated release"


The SELinux web site including the mail list archive has been updated. The site includes a new release of the LSM-based SELinux prototype. This release contains many bug fixes and improvements to both LSM and SELinux and is based on the lsm-2001_09_23 patch against kernel 2.4.10. The release includes new and reworked hooks to control additional operations.

The policy now includes hwclock_t and ping_t domains for hwclock and ping (from David Wheeler,) an ipsec_t domain for the FreeSWAN IKE daemon and programs (from Mark Westerman,) and an httpd_t domain for Apache (from MITRE.) None of these has been extensively tested by the NSA SELinux team, and they may require some additional work. Note that we have not yet included any FreeSWAN or Apache components in the material distributed with SELinux.

We have chosen not to release patches to our previous patches. You will need a complete set of patches or the complete (already patched) source code. We believe that the patches to patches were not being utilized enough to justify the work to create them. If you would rather apply updates as patches to our previous patches, please notify me directly at the address below so we can gauge the interest.

--

Howard Holm <hdholm@epoch.ncsc.mil>
Secure Systems Research Office
National Security Agency

--

You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.

From: Grant Bayley <gbayley_at_ausmac.net>
subject: Re: Updated release
Date: Fri, 28 Sep 2001 16:44:30 +1000 (EST)
  • This message: [ Message body ]
  • Next message: Stephen Smalley: "[PATCH] Support for stacking capabilities with SELinux (Was: Re: I can ' t use named on LSM-based Prototype. Why?)"
  • Previous message: Howard Holm: "Updated release"
  • In reply to: Howard Holm: "Updated release"
  • Next in thread: Conan Callen: "Re: Updated release"


Hi everyone,

And the mirror at Wiretapped in Australia is now updated as well (the NSA site has been a bit slow today...): 

	http://the.wiretapped.net/security/operating-systems/selinux/
	ftp://ftp.wiretapped.net/pub/security/operating-systems/selinux/

The layout should be fairly obvious...

Hope this helps,

Grant

On Thu, 27 Sep 2001, Howard Holm wrote:

> The SELinux web site including the mail list archive has been updated.
> The site includes a new release of the LSM-based SELinux prototype.
> This release contains many bug fixes and improvements to both LSM and
> SELinux and is based on the lsm-2001_09_23 patch against kernel 2.4.10.
> The release includes new and reworked hooks to control additional
> operations.

 [snip] 

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
From: Conan Callen <ccallen_at_windowpane.com>
subject: Re: Updated release
Date: Sat, 29 Sep 2001 23:47:19 -0700 (PDT)
  • This message: [ Message body ]
  • Next message: Stephen Smalley: "Re: distribution of kernel patches"
  • Previous message: Manoj Srivastava: "Re: distribution of kernel patches"
  • In reply to: Howard Holm: "Updated release"
  • Next in thread: Stephen Smalley: "Re: Updated release"
  • Reply: Stephen Smalley: "Re: Updated release"

I checked the changes file didn't find anything to indicate any changes in the area below. I wanted to double check and see if anyone had some pointers.

When the updated kernel is built can the existing policy be used?

Is it nessessary to rebuild the policy dir, setfiles, relable, etc. If so, can the previous config files & te files be copied in or have any file formats changed?

Conan Callen
Windowpane 

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
From: Stephen Smalley <sds_at_tislabs.com>
subject: Re: Updated release
Date: Mon, 1 Oct 2001 09:52:54 -0400 (EDT)
  • This message: [ Message body ]
  • Next message: Steve Smalley: "Re: distribution of kernel patches"
  • Previous message: Stephen Smalley: "Re: distribution of kernel patches"
  • In reply to: Conan Callen: "Re: Updated release"

On Sat, 29 Sep 2001, Conan Callen wrote:

> I checked the changes file didn't find anything to indicate any changes in
> the area below. I wanted to double check and see if anyone had some
> pointers.

The selinux/ChangeLog file has a summary of the changes to LSM and SELinux since the last release.

> When the updated kernel is built can the existing policy be used?
>
> Is it nessessary to rebuild the policy dir, setfiles, relable, etc. If so, can
> the previous config files & te files be copied in or have any file formats
> changed?

I would generally recommend doing a full installation, following the instructions in README as before. You don't need to do step 8 unless you were running the non-LSM SELinux prototype. There have been changes to the policy and setfiles/file_contexts configuration since the last release. If you made customizations to your policy and setfiles/file_contexts, then you should check whether the same customizations are still needed, since we may have merged them into the example policy. We try to merge policy customizations into the example policy when people contribute them back to us as long as they are reasonable. The configuration languages haven't changed, other than the addition of the policy/devfs_contexts file for devfs file labeling. 

--
Stephen D. Smalley, NAI Labs
ssmalley@nai.com






--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
  • Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

This archive was generated by hypermail 2.2.0 on Wed 11 Jun 2008 - 08:10:54 EDT

Information Assurance | Signals & Intelligence        Links | Accessibility | Privacy & Security