[Security_sig] Draft Linux requirements for US Department of the Army (DA)

Stephen Smalley sds at epoch.ncsc.mil
Thu Feb 10 05:56:11 PST 2005


On Thu, 2005-02-10 at 08:52, Andy Murren wrote:
> Feel free to cut and paste what you want.  Please give me feed back.
> Some of the requirements cannot be changed, I don't control them.
> Question any one you would like though. 

Why would you mandate that SELinux _not_ be used?  Very odd.  SELinux in
Linux 2.6 is quite functional.  It is true, as we have always noted,
that SELinux by itself does not constitute a complete security solution,
but that is true of any access control solution and it doesn't mean that
the omission of SELinux yields an improvement in system security. 
SELinux is integrated and enabled by default in Fedora Core 3 and RHEL4
from Red Hat.  It is also being used as the basis for a MLS-enabled
Linux being developed by Trusted Computer Solutions that is targeting
evaluation against LSPP, and they have just contributed the kernel MLS
support back to the upstream SELinux.

-- 
Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency




More information about the security_sig mailing list