SELinux
Introduction
["SELinux"] was initially a project to port to Linux the mandatory access control architecture that the National Security Agency (NSA) and the Secure Computing Corporation (SCC) had developed on the Mach and Fluke operating systems.
The NSA ["SELinux"] website can be found [http://www.nsa.gov/selinux/index.cfm here], and a paper on why mandatory access controls are a good, and likely necessary, thing can be found [http://www.nsa.gov/selinux/papers/inevit-abs.cfm here].
Debian SELinux support
The Debian packaged Linux kernels have had ["SELinux"] support compiled in, but disabled by default, since version 2.6.9. In order to activate ["SELinux"] the parameter selinux=1 must be passed to the kernel when booting. Alternatively, you can compile your own kernel with ["SELinux"] enabled by default.
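The boot-time decision described above can be checked with a short script. This is an added example, not part of the original page or of any Debian package: `selinux_boot_state` is a hypothetical helper, the sample inputs are constructed, and it assumes the kernel build options `CONFIG_SECURITY_SELINUX` and `CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE` plus a config file at `/boot/config-$(uname -r)`.

```shell
#!/bin/sh
# Added example: report whether SELinux will be active for a given kernel
# command line and kernel build configuration.

# selinux_boot_state CMDLINE CONFIG_TEXT
# Prints one of: not-compiled, enabled, disabled
selinux_boot_state() {
    cmdline=$1
    config=$2

    # The kernel must be built with SELinux support at all.
    if ! printf '%s\n' "$config" | grep -q '^CONFIG_SECURITY_SELINUX=y$'; then
        echo not-compiled
        return 0
    fi

    # Compiled-in default, used when no selinux= parameter is given.
    # Assumption: a missing BOOTPARAM_VALUE line is treated as 0 (disabled),
    # matching the "disabled by default" kernels described above.
    state=$(printf '%s\n' "$config" |
        sed -n 's/^CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=//p' | tail -n 1)
    [ -n "$state" ] || state=0

    # A selinux=N token on the command line overrides the default.
    # Assumption: when the token is repeated, the last occurrence wins.
    set -f                      # no glob expansion while word-splitting
    for word in $cmdline; do
        case $word in
            selinux=*) state=${word#selinux=} ;;
        esac
    done
    set +f

    if [ "$state" = 0 ]; then echo disabled; else echo enabled; fi
}

# Constructed sample inputs (not captured from a real system).
SAMPLE_CONFIG='CONFIG_SECURITY=y
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0'
SAMPLE_CMDLINE='root=/dev/hda1 ro selinux=1'

selinux_boot_state "$SAMPLE_CMDLINE" "$SAMPLE_CONFIG"

# On a live system, use the real inputs when the config file is present.
if [ -r /proc/cmdline ] && [ -r "/boot/config-$(uname -r)" ]; then
    selinux_boot_state "$(cat /proc/cmdline)" "$(cat "/boot/config-$(uname -r)")"
fi
```

A result of `disabled` on a kernel that has SELinux compiled in means the boot loader entry still lacks `selinux=1`.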
In addition to kernel modifications, several user-space applications need to be modified to support ["SELinux"] properly. Not all of these are in the mainstream Debian repository yet, so you might have to download some packages from [http://www.coker.com.au/selinux/ Russell Coker's ["SELinux"] site] and/or [http://www.golden-gryphon.com/software/security/selinux.xhtml Manoj Srivastava's ["SELinux"] site], where more ["SELinux"] documentation and links can also be found.
For more details on the status of getting ["SELinux"] enabled Debian packages into the mainline repository, see ["SELinuxStatus"].
Debian SELinux links
[http://www.coker.com.au/selinux/ Russell Coker's ["SELinux"] site]
[http://www.golden-gryphon.com/software/security/selinux.xhtml Manoj Srivastava's ["SELinux"] site]
Pre-Sarge Debian SELinux efforts (Obsolete)
The selinux suite for Debian 3.0 could be found in three packages:
- {package:selinux}
- {package:libselinux-dev}
- {package:kernel-patch-2.4-lsm}
The kernel patch package also contained a port of OpenWall in addition to ["SELinux"].
After the release of Sarge, the package was removed from unstable, and users who wish to use ["SELinux"] are encouraged to use a kernel from the 2.6 kernel tree instead.
See also:
[http://mail.wirex.com/pipermail/linux-security-module/2004-February/5027.html Re: Trouble with installation of lsm kernel patch and SE linux Packages on Debian]
[http://www.jakubholy.net/unix/selinux.html SE Linux for Debian/Testing with the kernel 2.6.6] (October 2004)