next
23.10.02, 20:20
An updated public release of the LSM-based SELinux prototype was made today. See selinux/ChangeLog for a detailed summary of the changes. A few highlights are listed below:
* Updated the base 2.5 kernel version to 2.5.44. The base 2.4 kernel version remains at 2.4.19, but many changes have been made to the 2.4 LSM patch and to the 2.4 SELinux module since the last release.
* Made further revisions to the LSM sock hooks and the corresponding SELinux hook functions to ensure proper labeling of outgoing packets when the sock is not attached to a user socket.
* Exterminated precondition functions from the SELinux module. Added early initialization support and inode_init hooks to the SELinux kernel patch.
* Added capability check for KDSKBENT and KDSKBSENT ioctls (loadkeys).
* Removed obsolete permissions from access_vectors and policy.
* Added signull permission for kill(pid, 0).
* Restructured the architecture-specific code in the SELinux module.
* Fixed bugs in the audit code, the constraint code, and the persistent label mapping code in the SELinux kernel module.
* Changed the modified login, sshd, and crond to use the new libsecure functions and the new /etc/security/default_contexts configuration.
* Merged many contributed policy enhancements.
* Updated the SELinux tar patch to tar-1.13.25-4.7.1.
* Fixed bugs in setfiles, suseradd, and the fileutils patch.
quelle: http://www.nsa.gov/selinux/
hat schon mal einer ne version davon getestet?
* Updated the base 2.5 kernel version to 2.5.44. The base 2.4 kernel version remains at 2.4.19, but many changes have been made to the 2.4 LSM patch and to the 2.4 SELinux module since the last release.
* Made further revisions to the LSM sock hooks and the corresponding SELinux hook functions to ensure proper labeling of outgoing packets when the sock is not attached to a user socket.
* Exterminated precondition functions from the SELinux module. Added early initialization support and inode_init hooks to the SELinux kernel patch.
* Added capability check for KDSKBENT and KDSKBSENT ioctls (loadkeys).
* Removed obsolete permissions from access_vectors and policy.
* Added signull permission for kill(pid, 0).
* Restructured the architecture-specific code in the SELinux module.
* Fixed bugs in the audit code, the constraint code, and the persistent label mapping code in the SELinux kernel module.
* Changed the modified login, sshd, and crond to use the new libsecure functions and the new /etc/security/default_contexts configuration.
* Merged many contributed policy enhancements.
* Updated the SELinux tar patch to tar-1.13.25-4.7.1.
* Fixed bugs in setfiles, suseradd, and the fileutils patch.
quelle: http://www.nsa.gov/selinux/
hat schon mal einer ne version davon getestet?