SELinux

Initially a project to port the work developing a mandatory access control architecture done by the National Security Agency (NSA) and the Secure Computing Corporation (SCC) on the Mach and Fluke OS's to Linux.

http://www.nsa.gov/selinux/index.cfm

A paper on why mandatory access controls are a good and likely a necessary thing can be found here: http://www.nsa.gov/selinux/papers/inevit-abs.cfm


SELinux on Debian

The selinux suite for Debian 3.0 is found in three packages: selinux, libselinux-dev and kernel-patch-2.4-lsm. The kernel patch package also contains a port of ?OpenWall along with a port of ["SELinux"].

As of 10 May 2004 in Debian/unstable the patch depends on kernel-patch-acl which in turn brings in kernel-patch-exec-shield.

Check the package change logs for information about what kernels are supported and what other patches are required. Notes on applying the patch can be found on the ?KernelPatchPackage page.