Several questions directed to the SE Linux principles

Stephen, in your talk this spring at Usenix you noted that you had a server running SE Linux in production for a period of months.

Can you advise what SE Linux version(s) are so used and what is the operational environment (Internet-exposed? services running in secured contexts?)

I expect that since the stable 2.2.19 kernel-patched version, through the 2.4 kernel-patched and into the currently recommended LSM-based version that you have added features and killed bugs.

The NSA download site recommends that people use the most recent
(LSM) code, which makes sense in development, as I doubt that
the new versions maintain backward-compatibilty.

Is this also the best (general) recommendation for trying to deliver an operational, secured system.

Within the caveat that I don't think NSA can (or should) take repsponsibility recommend SE Linux as a production system, are there any differences between the 3 major extant versions
(2.2.19, 2.4, LSM) as regards deploying operational servers?

Thanks,

forrest

--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.