From: "Lorenzo Hernández García-Hierro" <>
Cc:, Stephen Smalley <>,
Subject: [PATCH] Security-Enhanced Linux back port for 2.4 rev.0.3 (20050108)
Date: Sun, 09 Jan 2005 02:07:35 +0100
Message-ID: <1105232856.24876.58.camel@localhost.localdomain>

[-- Attachment #1: Type: text/plain, Size: 2715 bytes --]


During the past week, I've progressively worked on the back porting of
the latest features and fixes applied to 2.6 SELinux-related code, so,
we can now make use of them in 2.4.

I know that 2.4 is in maintenance mode, but this was mainly just for my
own fun and learning profit, even if there are some technical reasons to
do it.

Documentation and tracking is available at:

The patches can be retrieved by checking out the 2.4-backport module in
the SELinux CVS at SourceForge.Net:

Under ./pre-patches/ you can find the latest patches that are not yet

ASAP I will try to validate its capabilities and see what's working and
what's not, and this will happen after I solve some personal
infrastructure problems.

The BTS at should be used to
report bugs and so on.
I would appreciate a lot any type of help, testing would be surely
appreciated, and any type of feedback would be good too (even if you
want to say it's crap, which I don't think so ;) ).

If there's someone that made this possible, it's Stephen D. Smalley,
who helped me, giving me his attention and time to solve my extensive
lack of knowledge and skills.

Also I want to say thanks to Russell Coker from Red Hat for giving me
access to a testing machine where I can run out the back port kernel
patches, and also for helping me when understanding how the SELinux
policy works.

Currently, I'm researching on a possible bug introduced by an incorrect
back porting of the latest anonymous memory mappings control features.
Also, dynamic context transitions and mount contexts are not supported
because of lack of some code that makes me almost unable to back port
them without doing extra, geekish, hacking in the kernel core and memory
management stuff (help really welcome).

In short, the back port is now fully supporting up to v18 policies which
includes almost the Netlink classes (not fully back ported support, even
for ipv6 and some other things may be not fully supported as well) and
the policy booleans, etc (v15->v17).

Those who are using or testing the 0.2 revision are encouraged to move
to the latest 0.3 pre-patches, as a kernel oops due to inexistent (and
superfluous) SLAB_PANIC handling has been solved since past 0.2

Lorenzo Hernández García-Hierro <> [1024D/6F2B2DEC]
[2048g/9AE91A22] Hardened Debian head developer & project manager -

[-- Attachment #2: This part of the message is digitally signed --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
