[Security_sig] Reply about draft Army guide
sds at epoch.ncsc.mil
Tue Feb 15 09:20:10 PST 2005

On Tue, 2005-02-15 at 12:15, Andy Murren wrote:
> 2. There are several ways to implement MAC. At the time I started
> this document SELinux was not allowed. Other tools to implement
> MAC include grsecurity (http://www.grsecurity.net/) which is
> available from the grsecurity site and is one of the Gentoo
> Hardened projects. (We may want to review this as an alternative
> to SELinux). I cannot state one way or another what the Army is
> doing about MAC for Linux systems or its position on SELinux.

- SELinux is also included in Hardened Gentoo.
- SELinux is included in RHEL4, which was officially released today by
- grsecurity does not implement MAC per any definition of MAC that would
  pass evaluation. It does not support information flow control.
- Many other so-called MAC implementations for Linux are likewise
  unsuited for controlling the flow of information throughout the system
  and can not support DoD needs.

Stephen Smalley <sds at epoch.ncsc.mil>
National Security Agency