linux-kernel.vger.kernel.org archive mirror
* [PATCH] Security-Enhanced Linux back port for 2.4 rev.0.3 (20050108)
@ 2005-01-09  1:07 Lorenzo Hernández García-Hierro
From: Lorenzo Hernández García-Hierro @ 2005-01-09  1:07 UTC
  To: linux-kernel; +Cc: selinux, Stephen Smalley, russell

Hi,

During the past week, I've progressively worked on the back porting of
the latest features and fixes applied to 2.6 SELinux-related code, so,
we can now make use of them in 2.4.

I know that 2.4 is in maintenance mode, but this was mainly just for my
own fun and learning profit, even if there are some technical reasons to
do it.

Documentation and tracking is available at:
http://selinux.tuxedo-es.org/2.4-backport/

The patches can be retrieved by checking out the 2.4-backport module in
the SELinux CVS at SourceForge.Net:

http://cvs.sourceforge.net/viewcvs.py/selinux/2.4-backport/

Under ./pre-patches/ you can find the latest patches that are not yet
stable:
http://cvs.sourceforge.net/viewcvs.py/selinux/2.4-backport/pre-patches/

ASAP I will try to validate its capabilities and see what's working and
what's not, and this will happen after I solve some personal
infrastructure problems.

The BTS at http://selinux.tuxedo-es.org/tracking/ should be used to
report bugs and so on.
I would appreciate a lot any type of help, testing would be surely
appreciated, and any type of feedback would be good too (even if you
want to say it's crap, which I don't think so ;) ).

If there's someone that made this possible, it's Stephen D. Smalley,
who helped me by giving me his attention and time to solve my extensive
lack of knowledge and skills.

Also I want to say thanks to Russell Coker from Red Hat for giving me
access to a testing machine where I can run out the back port kernel
patches, and also for helping me when understanding how the SELinux
policy works.

Currently, I'm researching on a possible bug introduced by an incorrect
back porting of the latest anonymous memory mappings control features.
Also, dynamic context transitions and mount contexts are not supported
because of lack of some code that makes me almost unable to back port
them without doing extra, geekish, hacking in the kernel core and memory
management stuff (help really welcome).

In short, the back port is now fully supporting up to v18 policies which
includes almost the Netlink classes (not fully back ported support, even
for IPv6 and some other things may be not fully supported as well) and
the policy booleans, etc (v15->v17).

Those who are using or testing the 0.2 revision are encouraged to move
to latest 0.3 pre-patches, as a kernel oops due to inexistent (and
superfluous) SLAB_PANIC handling has been solved since past 0.2
revisions.

Cheers,
-- 
Lorenzo Hernández García-Hierro <lorenzo@gnu.org> [1024D/6F2B2DEC]
[2048g/9AE91A22] Hardened Debian head developer & project manager
http://www.tuxedo-es.org - http://lorenzo.debian-hardened.org
