Hi, During the past week, I've progressively worked on the back porting of the latest features and fixes applied to 2.6 SELinux-related code, so, we can now make use of them in 2.4. I know that 2.4 is in maintenance mode, but this was mainly just for my own fun and learning profit, even if there are some technical reasons to do it. Documentation and tracking is available at: http://selinux.tuxedo-es.org/2.4-backport/ The patches can be retrieved by checking out the 2.4-backport module in the SELinux CVS at SourceForge.Net: http://cvs.sourceforge.net/viewcvs.py/selinux/2.4-backport/ Under ./pre-patches/ you can find the latest patches that are not yet stable: http://cvs.sourceforge.net/viewcvs.py/selinux/2.4-backport/pre-patches/ ASAP i will try to validate it's capabilities and see what's working and what's not, and this will happen after i solve some personal infrastructure problems. The BTS at http://selinux.tuxedo-es.org/tracking/ should be used to report bugs and so on. I would appreciate a lot any type of help, testing would be surely appreciated, and any type of feedback would be good too (even if you want to say it's crap, which i don't think so ;) ). If there's someone that made this possible, it's Stephen D. Smalley which helped me giving me his attention and time to solve my extensive lack of knowledge and skills. Also i want to say thanks to Russell Coker from Red Hat for giving me access to a testing machine where i can run out the back port kernel patches, and also for helping me when understanding how the SELinux policy works. Currently, I'm researching on a possible bug introduced by an incorrect back porting of the latest anonymous memory mappings control features. Also, dynamic context transitions and mount contexts are not supported because of lack of some code that makes me almost unable to back port them without doing extra, geekish, hacking in the kernel core and memory management stuff (help really welcome). In short, the back port is now fully supporting up to v18 policies which includes almost the Netlink classes (not fully back ported support, even for ipv6 and some other things may be not fully supported as well) and the policy booleans, etc (v15->v17). Those who are using or testing the 0.2 revision are encouraged to move to latest 0.3 pre-patches, as a kernel oops due to inexistent (and superfluous) SLAB_PANIC handling has been solved since past 0.2 revisions. Cheers, -- Lorenzo Hernández García-Hierro [1024D/6F2B2DEC] [2048g/9AE91A22] Hardened Debian head developer & project manager http://www.tuxedo-es.org - http://lorenzo.debian-hardened.org