NSA Security-enhanced Linux

The SELinux web site http://www.nsa.gov/selinux/ including the mail
list archive has been updated.  The site includes a new release of the
LSM-based SELinux prototype.  The stable (2.4) LSM-based SELinux
prototype remains at kernel 2.4.18.  The development (2.5) LSM-based
SELinux prototype was updated to kernel 2.5.24.  The OpenSSH patch has
been updated to openssh-3.4p1.  The file system labeling support has
been generalized and labeling for kernel-generated IGMP and ICMP
traffic has been added.  Many improvements have been made in the policy
including making many policy sections optional, changing the audit
configuration syntax, adding explicit type attribute declarations, and
merging many contributed domains and policy changes.  The technical
report describing configuration of the policy has also been updated.

Security-enhanced Linux incorporates a strong, flexible mandatory
access control architecture into the major subsystems of the Linux
kernel. The system provides a mechanism to enforce the separation of
information based on confidentiality and integrity requirements.  This
allows threats of tampering and bypassing of application security
mechanisms to be addressed and enables the confinement of damage that
can be caused by malicious or flawed applications.  The SELinux web
site <http://www.nsa.gov/selinux/> contains background information,
documentation, source code, and archives for the selinux mailing-list.

--
Howard Holm <hdholm@epoch.ncsc.mil>
Secure Systems Research Office
National Security Agency

##########################################################################
# Send submissions for comp.os.linux.announce to: cola@stump.algebra.com #
# PLEASE remember a short description of the software and the LOCATION.  #
# This group is archived at http://stump.algebra.com/~cola/              #
##########################################################################