Linux Security Modules Project Update 8
James Morris writes: "Here's an update on the Linux Security Modules project (LSM).
In April last year, the NSA proposed SELinux at the first Linux Kernel Summit. Following feedback from Linus, the LSM project was initiated by Crispin Cowan to develop a generic access control framework for Linux which would allow different
types of security policies to be implemented as loadable kernel modules. Rather than having to choose one security model, LSM aims to provide a framework for incorporating a variety of advanced security mechanisms into Linux with a minimal effect on the base kernel.
This week, Chris Wright (the principal maintainer) formally announced patches for the 2.4 and 2.5 kernels. Chris will be presenting LSM at this year's Kernel Summit and giving a talk at OLS, hopefully kicking off discussion on acceptance of LSM into the main kernel. Projects which have already been ported to LSM include SELinux, LIDS, DTE, Openwall and Posix.1e Capabilities.
Check out the newly re-vamped web site for downloads, documentation and general information."
before the paranoia-laden trolls arrive.... (Score:2, Informative)
-NSA's mission is two-fold - (1) collect intelligence (2) develop secure systems suitable for military use. SE Linux falls under #2
-Why did this keep-everything-secret agency release it publicly? GNU General Public License.
-Who provides funding? American Taxdollars. Look at it as return on your income tax.
Government Using Linux More Often (Score:1, Interesting)
Here's an intresting article [wired.com] from Wired [wired.com] that covers Linux use expansion into governments. Finally the government is waking up to the fact that our tax dollars do not havto goto those greedy bastards.
Auditing (Score:1)
For those that need this capability, have a look at SNARE - http://www.intersectalliance.com/projects/index.h
Snare operates by intercepting system-calls at the moment, but the goal is to integrate into LSM in the future.
Re:Auditing (Score:1)
- see this thread for more information:
http://mail.wirex.com/pipermail/linux-security-