Difference between revisions of "SELinux"

From eLinux.org
(Codes about embedded SELinux)
m (Add category)
 
(12 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
[http://www.nsa.gov/selinux/ SELinux -- Security Enhanced Linux]
 
[http://www.nsa.gov/selinux/ SELinux -- Security Enhanced Linux]
  
= Codes about embedded SELinux =
+
= Current works about embedded SELinux =
 
Many codes are submitted to Linux and userland community.
 
Many codes are submitted to Linux and userland community.
  
Line 29: Line 29:
  
 
== Policy ==
 
== Policy ==
Policy was the most difficulty part in SELinux.
+
SELinux Policy Editor will be helpful. See [http://seedit.sourceforge.net/].
SELinux Policy Editor will be helpful.
+
See [http://seedit.sourceforge.net/].
+
  
= Related presentations =
+
If you prefer fine grained configuration,
== CELF Jambolee ==
+
Reference policy[http://oss.tresys.com/projects/refpolicy] is better.
Example of porting to SH(Super H) was reported in CELF Jambolee #18: [http://tree.celinuxforum.org/CelfPubWiki/JapanTechnicalJamboree18].
+
  
Xattr port to jffs2(Japanese)[http://www.celinuxforum.org/CelfPubWiki/JapanTechnicalJamboree11?action=AttachFile&do=get&target=CELF1027.pdf]
+
= Example of porting =
 +
== Openmoko port ==
 +
http://code.google.com/p/selinux-openmoko/
 +
 
 +
http://www.cse.psu.edu/~mhassan/openmoko_se/
 +
 
 +
= Technical documents, presentations =
 +
* SELinux for Consumer Electronics Devices, Paper for Ottawa Linux Symposium 2008, [http://ols.fedoraproject.org/OLS/Reprints-2008/nakamura-reprint.pdf paper] and [http://free-electrons.com/pub/video/2008/ols/ols2008-yuichi-nakamura-selinux.ogg video].
 +
* Example of porting to SH (Super H) was reported in CELF Jambolee #18: [http://tree.celinuxforum.org/CelfPubWiki/JapanTechnicalJamboree18].
 +
* Xattr port to jffs2 (Japanese), [http://www.celinuxforum.org/CelfPubWiki/JapanTechnicalJamboree11?action=AttachFile&do=get&target=CELF1027.pdf]
 +
 
 +
= Remaining issues =
 +
=== Policy ===
 +
 
 +
=== xattr ===
 +
logfs, yaffs, cramfs do not support xattr yet.
 +
 
 +
=== Size ===
 +
 
 +
 
 +
[[Category:Security]]
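Review bot: Under "= Remaining issues =", the added "=== Policy ===" and "=== Size ===" headings have no body text, so the page never says what the open policy or size problem is. Only "=== xattr ===" states one (logfs, yaffs, cramfs lacking xattr support). Add at least one sentence under each heading or hold them back until there is content. The old line "Policy was the most difficulty part in SELinux." is dropped in this revision and would be a natural starting point for the Policy entry once reworded. These subsections also jump from "=" straight to "===", while "= Example of porting =" uses "== Openmoko port ==", so "==" would be consistent here.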

Latest revision as of 22:09, 27 October 2011

SELinux -- Security Enhanced Linux

Current works about embedded SELinux

A lot of code has been submitted to the Linux kernel and userland communities.

Linux kernel

2.6.18

Xattr support for jffs2

2.6.24

Reducing read/write overhead[1]

Reducing memory usage:[2]

Improving performance on AVC miss: [3]

2.6.25

Audit support for SH:[4]

SELinux userland

Reducing the size of the library: merged into libselinux 2.0.35: [5]

BusyBox

SELinux-related applets were merged into BusyBox in 1.8.0.

Support for assigning a domain to applets was merged in 1.8.0: [6]

Policy

SELinux Policy Editor will be helpful. See [7].

If you prefer fine-grained configuration, the Reference Policy [8] is a better choice.

Example of porting

Openmoko port

http://code.google.com/p/selinux-openmoko/

http://www.cse.psu.edu/~mhassan/openmoko_se/

Technical documents, presentations

  • SELinux for Consumer Electronics Devices, paper for Ottawa Linux Symposium 2008: paper and video.
  • An example of porting to SH (Super H) was reported at CELF Jamboree #18: [9].
  • Xattr port to jffs2 (Japanese): [10]

Remaining issues

Policy

xattr

logfs, yaffs and cramfs do not support xattr yet.

Size