From Fedora Project Wiki
This wiki page is outdated
Please update this wiki page to reflect recent events or newly available information.

Multi Level Security / LSPP Overview

The MLS functionality in SE Linux is being developed as part of the Common Criteria LSPP certification work. The LSPP work aims to get LSPP , RBAC , and CAPP certification at EAL 4+

This link from James Morris blog has a lot of background information on the LSPP work.

Chris Runge Paper: The Path to Multi-Level Security in Red Hat Enterprise Linux

Mailing lists

Name Information and archive Comments
selinux http://www.nsa.gov/selinux/info/list.cfm?MenuID=41.1.1.9 / http://marc.theaimsgroup.com/?l=selinux&r=1&w=2 General SELinux development discussions
linux-audit https://www.redhat.com/mailman/listinfo/linux-audit Auditing specific issues
redhat-lspp https://www.redhat.com/mailman/listinfo/redhat-lspp LSPP on RedHat development
fedora-selinux https://www.redhat.com/mailman/listinfo/fedora-selinux-list Fedora specific SELinux issues


Projects and Repositories

Name Information and archive Comments
SELinux reference policy http://serefpolicy.sourceforge.net/ The new framework for an all-in-one modular policy
Reference policy RPMs ftp://people.redhat.com/dwalsh/SELinux/fedora/ Dan Walsh's DNF|YUM repository for SELinux reference policy RPM packages; these usually get propagated to Rawhide after couple of hours
SELinux for Distributions http://selinux.sourceforge.net/ General development and NSA CVS archive
LSPP kernel http://people.redhat.com/sgrubb/files/lspp/ Bleeding edge LSPP development kernel DNF|YUM repository
audit ftp://ftp.uk.linux.org/pub/people/dwmw2/audit/ David Woodhouse's audit packages, note the kernels here are for CAPP systems not LSPP
devallocator http://sourceforge.net/projects/devallocator/ TCS Device Allocation

Links

  • MCS Policy - MCS is based on the same kernel features so much of the MLS development work applies to it. Also as MCS will be vastly more popular than MLS it's expected that many applications will get support for MCS which can then be used for MLS at a later time.