[CentOS] SELinux - way of the future or good idea but !!!

Lamar Owen lowen at pari.edu
Tue Nov 30 22:16:30 UTC 2010


On Tuesday, November 30, 2010 04:52:42 pm Les Mikesell wrote:
> I thought there was a security API in the kernel that was designed 
> specifically _not_ to lock it to an implementation.  

Yes; Linux Security Modules (LSM).  According to the wikipedia.org page on said subject, the current 'officially' recognized modules are: AppArmor, SELinux, SMACK, and TOMOYO Linux.

> Is there a 
> standards group for SELinux?  It's one thing to follow Posix, something 
> else to be locked to a non-standard concept.

Hmmm, https://security.wiki.kernel.org/index.php/Projects seems to be the place to look for information on the general topic of security (and lists more modules than the Wikipedia article referenced above).  The SELinux site itself is selinuxproject.org which has a lot of information; quite a bit updated since the last time I looked.

It's as standard as pretty much any other open source project; there have been several developer summits, for instance, and it has some well established commercial players working together.  But if you're looking for an ISO or ANSI or IEEE committee, no, none that I can tell.  Nor is there one for the Linux kernel, or for glibc, for that matter.  Or TCP/IP, either.



More information about the CentOS mailing list