[techtalk] SELinux

David Merrill david at lupercalia.net
Sat Jul 7 20:19:01 EST 2001


On Sat, Jul 07, 2001 at 06:37:55PM -0400, Caitlyn M. Martin wrote:
> On Saturday 07 July 2001 08:26 am, Marcia Barrett Nice wrote:
> > http://www.nsa.gov/selinux/
> >
> > Has anyone on this list looked into this?  
> 
> Yes, in detail.  I wrote the white paper for another federal Agency on this, 
> recommending that they continue to monitor the progress of the project but 
> that they should *not* consider using it at this time.  My recommendation is 
> the same for you.

One of the developers spoke at my local LUG three months ago. I don't
remember the developer's name, sorry. He said they were 2-3 years away
from it being a usable system. They are doing *research*, not
developing a product at this time. But they expect that either they or
others will take the research and make a usable system out of it.

The final implementation is waiting on, omong other things, Linus to
accept a standard interface for security modules. Linus has stated
that he will not accept any one of the security approaches as the
kernel `standard' but instead wants a set api that each of them can
use. Development on that api is in progress but still in early design.

IOW, don't expect any of these new security methods to be really
usable until 2.6 comes out, or 2.5 if you want to run a development
kernel, which you don't in this case!

-- 
Dr. David C. Merrill                     http://www.lupercalia.net
Linux Documentation Project                   david at lupercalia.net
Collection Editor & Coordinator            http://www.linuxdoc.org

Long computations which yield zero are probably all for naught.




More information about the Techtalk mailing list