Difference between revisions of "SELinux"
(→Policy) |
m (Add category) |
||
(11 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
[http://www.nsa.gov/selinux/ SELinux -- Security Enhanced Linux] | [http://www.nsa.gov/selinux/ SELinux -- Security Enhanced Linux] | ||
− | = | + | = Current works about embedded SELinux = |
Many codes are submitted to Linux and userland community. | Many codes are submitted to Linux and userland community. | ||
Line 34: | Line 34: | ||
Reference policy[http://oss.tresys.com/projects/refpolicy] is better. | Reference policy[http://oss.tresys.com/projects/refpolicy] is better. | ||
− | = | + | = Example of porting = |
− | == | + | == Openmoko port == |
− | + | http://code.google.com/p/selinux-openmoko/ | |
− | Xattr port to jffs2(Japanese)[http://www.celinuxforum.org/CelfPubWiki/JapanTechnicalJamboree11?action=AttachFile&do=get&target=CELF1027.pdf] | + | http://www.cse.psu.edu/~mhassan/openmoko_se/ |
+ | |||
+ | = Technical documents, presentations = | ||
+ | * SELinux for Consumer Electronics Devices, Paper for Ottawa Linux Symposium 2008, [http://ols.fedoraproject.org/OLS/Reprints-2008/nakamura-reprint.pdf paper] and [http://free-electrons.com/pub/video/2008/ols/ols2008-yuichi-nakamura-selinux.ogg video]. | ||
+ | * Example of porting to SH (Super H) was reported in CELF Jambolee #18: [http://tree.celinuxforum.org/CelfPubWiki/JapanTechnicalJamboree18]. | ||
+ | * Xattr port to jffs2 (Japanese), [http://www.celinuxforum.org/CelfPubWiki/JapanTechnicalJamboree11?action=AttachFile&do=get&target=CELF1027.pdf] | ||
+ | |||
+ | = Remaining issues = | ||
+ | === Policy === | ||
+ | |||
+ | === xattr === | ||
+ | logfs, yaffs, cramfs do not support xattr yet. | ||
+ | |||
+ | === Size === | ||
+ | |||
+ | |||
+ | [[Category:Security]] |
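Review bot: In the added "Remaining issues" block, the subsections are written with "===" directly under a "=" heading, skipping the "==" level that "Openmoko port" uses earlier in the same change, and "Policy" and "Size" are added with no body text. Use "==" for the three subsections and either state the open issue under each one or leave the empty ones out until there is something to say. In the added "Technical documents, presentations" list, "Jambolee" should read "Jamboree", which is how the linked page name JapanTechnicalJamboree18 spells it.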
Latest revision as of 15:09, 27 October 2011
SELinux -- Security Enhanced Linux
Current works about embedded SELinux
Much code has been submitted to the Linux and userland communities.
Linux kernel
2.6.18
Xattr support for jffs2
2.6.24
Reducing read/write overhead[1]
Reducing memory usage:[2]
Improving performance in AVC miss:[3]
2.6.25
Audit support for SH:[4]
SELinux userland
Reducing the size of the library: merged into libselinux 2.0.35: [5]
BusyBox
Applets related to SELinux were merged into BusyBox in 1.8.0.
Support for assigning a domain to applets was merged in 1.8.0: [6]
Policy
SELinux Policy Editor will be helpful. See [7].
If you prefer fine-grained configuration, the Reference policy[8] is better.
Example of porting
Openmoko port
http://code.google.com/p/selinux-openmoko/
http://www.cse.psu.edu/~mhassan/openmoko_se/
Technical documents, presentations
- SELinux for Consumer Electronics Devices, Paper for Ottawa Linux Symposium 2008, paper and video.
- An example of porting to SH (Super H) was reported in CELF Jamboree #18: [9].
- Xattr port to jffs2 (Japanese), [10]
Remaining issues
Policy
xattr
logfs, yaffs and cramfs do not support xattr yet.