From Fedora Project Wiki
This wiki page is outdated
Please update this wiki page to reflect recent events or newly available information.

Multi Level Security / LSPP Overview

The MLS functionality in SE Linux is being developed as part of the Common Criteria LSPP certification work. The LSPP work aims to get LSPP , RBAC , and CAPP certification at EAL 4+

This link from James Morris blog has a lot of background information on the LSPP work.

Chris Runge Paper: The Path to Multi-Level Security in Red Hat Enterprise Linux

Mailing lists

Name Information and archive Comments
selinux / General SELinux development discussions
linux-audit Auditing specific issues
redhat-lspp LSPP on RedHat development
fedora-selinux Fedora specific SELinux issues

Projects and Repositories

Name Information and archive Comments
SELinux reference policy The new framework for an all-in-one modular policy
Reference policy RPMs Dan Walsh's DNF|YUM repository for SELinux reference policy RPM packages; these usually get propagated to Rawhide after couple of hours
SELinux for Distributions General development and NSA CVS archive
LSPP kernel Bleeding edge LSPP development kernel DNF|YUM repository
audit David Woodhouse's audit packages, note the kernels here are for CAPP systems not LSPP
devallocator TCS Device Allocation


  • MCS Policy - MCS is based on the same kernel features so much of the MLS development work applies to it. Also as MCS will be vastly more popular than MLS it's expected that many applications will get support for MCS which can then be used for MLS at a later time.