3.1 SELinux Versions

     

Every implementation of SELinux is based on one of the official NSA versions. The NSA has published four major versions of SELinux:


Original (Pre-LSM) SELinux

The original version of SELinux, which supported Linux 2.2 and Linux 2.4.


LSM-Based SELinux

A version of SELinux that worked with the Linux Security Modules (LSM) patch to Linux 2.4 and 2.5.


SELinux for Linux 2.4

A version of SELinux that also worked with the LSM patch to Linux 2.4, but additionally required the extended attribute (EA) patch. Apart from differences in kernel support, this version is architecturally similar to SELinux for Linux 2.6 but is no longer under active development.


SELinux for Linux 2.6

The current version of SELinux, which works with standard Linux 2.6 kernels . The Linux 2.6 kernel natively supports SELinux and therefore does not have to be patched.

The application programming interface of the original and LSM-based versions of SELinux differs from that of current version. Therefore, although the older versions can still be downloaded from the NSA's web site, I don't recommend that the older versions ”or third-party packages or source code based on the older versions ”be used.

Similarly, although the Linux 2.4 version of SELinux is architecturally similar to the current Linux 2.6-based SELinux release, it is not under active development and therefore lacks useful functions present in the current release. At the time of writing, implementations of SELinux for Linux distributions not integrally supporting SELinux tend to be based on SELinux for Linux 2.4 and are therefore somewhat out of date. Consequently, my own preference and recommendation is that you install one of the following SELinux implementations :

  • Red Hat Enterprise Linux 4 (when available)

  • Fedora Core 2

Nevertheless, in the following sections I give procedures and suggestions for installing SELinux for Debian GNU/Linux ”owing to its high popularity and ready availability ”and Gentoo Linux. Although Gentoo Linux does not support SELinux integrally, Gentoo's Hardened Project does officially support Gentoo's implementation of SELinux.



SELinux. NSA's Open Source Security Enhanced Linux
Selinux: NSAs Open Source Security Enhanced Linux
ISBN: 0596007167
EAN: 2147483647
Year: 2003
Pages: 100
Authors: Bill McCarty

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net