Archive for March, 2006

Fedora Core 5 and SELinux

by James Morris |  Monday, March 20th, 2006

Fedora Core 5 was released earlier today. This release carries some significant SELinux changes, including:

  • MCS (Multi-category Security) enabled by default
  • Integration of the new semanage framework
  • Loadable policy nodules
  • Transition to Reference Policy

Dan Walsh has a good writeup here.

New Polgen release from MITRE

by James Morris |  Thursday, March 16th, 2006

The SELinux folk at MITRE have announced version 1.3 of their automated policy generation tool Polgen. Significant new features include Polgen Specification Language (PSL), presented at the recent SELinux Symposium (see here), and a new sourceforge project page, to facilitate greater community involvement in the project.

Updated NSA release

by James Morris |  Wednesday, March 15th, 2006

Announced here, there’s a new NSA release of the upstream SELinux code, notably including changes to semanage which allow manipulation of network nodes & ports, active booleans and file contexts.

Tresys Brickwall preview now available

by Joshua Brindle |  Wednesday, March 15th, 2006

For those of you who weren’t at the recent SELinux Symposium or didn’t get a chance to see the Tresys Brickwall preview the presentation has been posted to the web on the Tresys product webpage.

Security: ptrace bug (CVE-2006-1052)

by James Morris |  Monday, March 13th, 2006

Stephen Smalley has announced a bug in the SELinux kernel code with security implications. At this stage, it appears to be limited in scope as the underlying DAC controls will still operate and exploitation is rather convoluted. A simple patch has been added to Andrew Morton’s -mm tree, while a cleaner but more invasive fix is planned for 2.6.17.

Vendor updates to follow.

Symposium Materials Online

by James Morris |  Thursday, March 9th, 2006

Via Frank Meyer, the slides and papers from the Symposium are now posted online here, along with a summary of the developer summit.

SELinux BOF at OLS 2006

by James Morris |  Wednesday, March 8th, 2006

Stephen Smalley has announced an SELinux BOF (Bird of Feather) session for this year’s Ottawa Linux Symposium.

Actually, there are three more security-related BOFs:

Reference Policy release

by Joshua Brindle |  Tuesday, March 7th, 2006

A new release of the SELinux Reference Policy is now available on SourceForge from http://serefpolicy.sourceforge.net. The primary activity for this release has been renaming interfaces to improve the naming consistency, in an effort to stabilize the API.

(more…)