
Debian kernels



The current Debian kernels have SE Linux compiled in, but not in a form that 
is usable.

The option CONFIG_AUDIT needs to be enabled to allow SE Linux access denials 
to be logged; without this it is impossible to use SE Linux.  While making 
such changes, enabling the option CONFIG_AUDITSYSCALL would be useful; this 
enables auditing of the system calls performed by applications.  Using this 
requires the auditd package to be installed (*).

http://www.nsa.gov/selinux/code/download5.cfm

There is also a patch to 2.6.11 that changes the checks for executable memory 
which is needed to make a Debian SE Linux system usable.  It's available at 
the above URL and should be in 2.6.12.  It would be good if this patch could 
be included into a Debian 2.6.11 kernel package to enable testing and 
development of SE Linux on Debian.


(*) I don't have time to take on another package at the moment.  But I would 
be happy to help someone who wants to package auditd.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
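
One way to check a kernel for the options named in the message above, as an added example that is not part of the original post. The function names, the default `/boot/config-$(uname -r)` path and the use of `CONFIG_SECURITY_SELINUX` as the "SE Linux compiled in" option are assumptions; the sample config is constructed.

```shell
#!/bin/sh
# Added example: report whether a kernel config can log SE Linux denials.

# Print the state of one option: its value (e.g. "y"), "n" when the file
# says "# OPT is not set", or "absent" when the option is not mentioned.
kconfig_state() {
    # $1 = option name, $2 = kernel config file
    awk -v opt="$1" '
        $0 ~ ("^" opt "=")               { sub("^[^=]*=", ""); state = $0 }
        $0 == ("# " opt " is not set")   { state = "n" }
        END { print (state == "" ? "absent" : state) }
    ' "$2"
}

# Return 0 only when SE Linux is built in and CONFIG_AUDIT=y, i.e. access
# denials can be logged. Return 1 when either is missing, 2 on read error.
check_selinux_audit() {
    cfg="${1:-/boot/config-$(uname -r)}"   # assumed default location
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    rc=0
    for opt in CONFIG_SECURITY_SELINUX CONFIG_AUDIT; do
        st=$(kconfig_state "$opt" "$cfg")
        echo "$opt: $st"
        [ "$st" = "y" ] || rc=1
    done
    # Syscall auditing is described as useful rather than required,
    # so it is reported without affecting the exit status.
    st=$(kconfig_state CONFIG_AUDITSYSCALL "$cfg")
    echo "CONFIG_AUDITSYSCALL: $st"
    [ "$st" = "y" ] || echo "note: syscall auditing unavailable" >&2
    return $rc
}

# Constructed sample: SE Linux compiled in, audit support left out.
sample=$(mktemp)
printf '%s\n' 'CONFIG_SECURITY_SELINUX=y' '# CONFIG_AUDIT is not set' > "$sample"
check_selinux_audit "$sample" || echo "denials cannot be logged with this kernel"
rm -f "$sample"
```
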


