The current Debian kernels have SE Linux compiled in, but not in a form that is usable.
The option CONFIG_AUDIT needs to be enabled to allow SE Linux access denials to be logged, without this it is impossible to use SE Linux. While making such changes enabling the option CONFIG_AUDITSYSCALL would be useful, this enables auditing of the system calls performed by applications. Using this requires the auditd package to be installed (*). http://www.nsa.gov/selinux/code/download5.cfm There is also a patch to 2.6.11 that changes the checks for executable memory which is needed to make a Debian SE Linux system usable. It's available at the above URL and should be in 2.6.12. It would be good if this patch could be included into a Debian 2.6.11 kernel package to enable testing and development of SE Linux on Debian. (*) I don't have time to take on another package at the moment. But I would be happy to help someone who wants to package auditd. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
