SEFlow uses the SELinux technology to provide security centered on individual data objects in a running system instead of focusing on static system facilities. Thus it is suitable to prevent accidental linking of code under open source licenses with proprietary code, making a tainting mechanism similar to the one used in the Linux kernel possible in userspace.
|Operating Systems||POSIX Linux|
Release Notes: To demonstrate the possibility of combining independent policy factors, a factor that blocks network access was created. This way, network access of processes can be disabled without interfering with other constraints.
Release Notes: A working policy calculus to combine multiple policies has been implemented.