The SELinux web site <http://www.nsa.gov/selinux/> including the mail
list archive has been updated. The site includes a new release of the
LSM-based SELinux prototype. This release is based on the
lsm-2001_11_05 patch against kernel 2.4.14. It fixes a number of bugs,
cleans up some code, and is based on newer versions of the kernel and
utilities.
The following changes should be carefully noted if you have previously installed SELinux:
--
Howard Holm <hdholm@epoch.ncsc.mil>
Secure Systems Research Office
National Security Agency
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
Australian SELinux mirror now updated:
http://the.wiretapped.net/security/operating-systems/selinux/
(in the LSM-based prototype, we're mirroring the all-in-one tarball and the two-parts tarballs (no need to mirror the patches separately. Also documentation mirror has been updated as well.)
Grant
Grant Bayley gbayley@ausmac.net-Admin @ AusMac Archive, Wiretapped.net, 2600 Australia www.ausmac.net www.wiretapped.net www.2600.org.au
On Tue, 20 Nov 2001, Howard Holm wrote:
> The SELinux web site <http://www.nsa.gov/selinux/> including the mail
> list archive has been updated. The site includes a new release of the
> LSM-based SELinux prototype. This release is based on the
> lsm-2001_11_05 patch against kernel 2.4.14. It fixes a number of bugs,
> cleans up some code, and is based on newer versions of the kernel and
> utilities.
>
> The following changes should be carefully noted if you have previously
> installed SELinux:
>
> 1) LSM has renamed all LSM-related configuration options to use a
> CONFIG_SECURITY prefix, and we have done likewise for the SELinux
> kernel option. This means that old .config files aren't quite right
> anymore. You can still use them, but you'll need to explicitly enable
> the LSM-related (IP Networking hooks, Capabilities) and SELinux options
> again when you configure (unless you hand edit your old .config file to
> reflect the name changes).
>
> 2) A small change was made to the policydb format, so you need to
> rebuild checkpolicy and recompile your policy with the updated
> checkpolicy program. Also, if you have customized your policy, you
> need to at least pick up a new initial SID definition (sysctl_net_unix)
> in the initial_sid_contexts file.
>
> 3) The execve_secure system call has been reimplemented via the general
> security system call. Previously, this system call remained as a
> separate entrypoint due to the inability to access register state
> (needed by execve) from the general security system call, but this was
> undesireable because only the security call is reserved in the
> mainstream kernel. We found that we could reimplement the
> execve_secure call via the security call by replacing the LSM security
> call entrypoint function with our own architecture-specific entrypoint
> function that can support both execve_secure and all of our other
> calls. So you must recompile libsecure and relink all applications
> that use exec.*_secure against it (runas, newrole, crond, run_init,
> sshd, login, Mark Westerman's modified gdm). This will be a nuisance
> for current users, but ensures that you should never have to do so
> again, since the security syscall is reserved, unlike the old separate
> entrypoint for execve_secure.
>
> --
> Howard Holm <hdholm@epoch.ncsc.mil>
> Secure Systems Research Office
> National Security Agency
>
>
> --
> You have received this message because you are subscribed to the selinux list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
>
-- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.From: Howard Holm <hdholm_at_epoch.ncsc.mil>
The SELinux web site <http://www.nsa.gov/selinux/> including the mail
list archive has been updated. The site includes a new release of the
LSM-based SELinux prototype. This release is based on the
lsm-full-2001_12_10 patch against kernel 2.4.16 which merges SELinux
into the LSM tree. Many utilities have been updated to newer versions
to improve compatibility with Red Hat 7.2. Auditing has been revised
for easier parsing and several additional bugs were fixed.
--
Howard Holm <hdholm@epoch.ncsc.mil>
Secure Systems Research Office
National Security Agency
--
You have received this message because you are subscribed to the selinux list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
Hi all,
The SELinux mirror at Wiretapped in Sydney, Australia has now been updated with the new release:
http://the.wiretapped.net/security/operating-systems/selinux/ ftp://ftp.wiretapped.net/pub/security/operating-systems/selinux/
Main archives:
Grant
Grant Bayley gbayley@ausmac.net -IT Manager @ FNL Communications (www.fnl.com.au)-Admin @ AusMac Archive, Wiretapped.net, 2600 Australia www.ausmac.net www.wiretapped.net www.2600.org.au
On Mon, 10 Dec 2001, Howard Holm wrote:
> The SELinux web site <http://www.nsa.gov/selinux/> including the mail
> list archive has been updated. The site includes a new release of the
> LSM-based SELinux prototype. This release is based on the
> lsm-full-2001_12_10 patch against kernel 2.4.16 which merges SELinux
> into the LSM tree. Many utilities have been updated to newer versions
> to improve compatibility with Red Hat 7.2. Auditing has been revised
> for easier parsing and several additional bugs were fixed.
>
> --
> Howard Holm <hdholm@epoch.ncsc.mil>
> Secure Systems Research Office
> National Security Agency
>
> --
> You have received this message because you are subscribed to the selinux list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
> the words "unsubscribe selinux" without quotes as the message.
>
-- You have received this message because you are subscribed to the selinux list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.
This archive was generated by hypermail 2.2.0 on Wed 11 Jun 2008 - 08:10:54 EDT