Every implementation of SELinux is based on one of the official NSA versions. The NSA has published four major versions of SELinux:

- Original (Pre-LSM) SELinux
  The original version of SELinux, which supported Linux 2.2 and Linux 2.4.
- LSM-Based SELinux
  A version of SELinux that worked with the Linux Security Modules (LSM) patch to Linux 2.4 and 2.5.
- SELinux for Linux 2.4
  A version of SELinux that also worked with the LSM patch to Linux 2.4, but additionally required the extended attribute (EA) patch. Apart from differences in kernel support, this version is architecturally similar to SELinux for Linux 2.6 but is no longer under active development.
- SELinux for Linux 2.6
  The current version of SELinux, which works with standard Linux 2.6 kernels. The Linux 2.6 kernel natively supports SELinux and therefore does not have to be patched.

The application programming interface of the original and LSM-based versions of SELinux differs from that of the current version. Therefore, although the older versions can still be downloaded from the NSA's web site, I don't recommend that the older versions (or third-party packages or source code based on the older versions) be used. Similarly, although the Linux 2.4 version of SELinux is architecturally similar to the current Linux 2.6-based SELinux release, it is not under active development and therefore lacks useful functions present in the current release.

At the time of writing, implementations of SELinux for Linux distributions not integrally supporting SELinux tend to be based on SELinux for Linux 2.4 and are therefore somewhat out of date. Consequently, my own preference and recommendation is that you install one of the following SELinux implementations:

Nevertheless, in the following sections I give procedures and suggestions for installing SELinux for Debian GNU/Linux (owing to its high popularity and ready availability) and Gentoo Linux. Although Gentoo Linux does not support SELinux integrally, Gentoo's Hardened Project does officially support Gentoo's implementation of SELinux.