SELinux

From eLinux.org
Revision as of 15:39, 7 April 2009 by ThomasPetazzoni (Talk | contribs)


SELinux -- Security Enhanced Linux

Current work on embedded SELinux

Much of the code has been submitted to the Linux kernel and userland communities.

Linux kernel

2.6.18

Xattr support for jffs2

2.6.24

Reducing read/write overhead[1]

Reducing memory usage:[2]

Improving performance on AVC miss:[3]

2.6.25

Audit support for SH:[4]

SELinux userland

Reducing the size of the library: merged into libselinux 2.0.35: [5]

BusyBox

SELinux-related applets were merged into BusyBox in 1.8.0.

Support for assigning a domain to applets was merged in 1.8.0: [6]

Policy

SELinux Policy Editor will be helpful. See [7].

If you prefer fine-grained configuration, the Reference Policy [8] is better.

Example of porting

Openmoko port

http://code.google.com/p/selinux-openmoko/

http://www.cse.psu.edu/~mhassan/openmoko_se/

Technical documents, presentations

  • SELinux for Consumer Electronics Devices, paper for Ottawa Linux Symposium 2008, paper and video.
  • An example of porting to SH (SuperH) was reported at CELF Jamboree #18: [9].
  • Xattr port to jffs2 (Japanese), [10]

Remaining issues

Policy

xattr

logfs, yaffs and cramfs do not support xattr yet.

Size