All releases of NSA Security-enhanced Linux

  •  09 Mar 2005 22:38
Avatar

    Release Notes: This release is based on Linux 2.6.11. The SELinux kernel patch for 2.6.11 includes enhanced MLS support, changes to the execute-related permission checking for legacy binaries, and an extension to the /proc/pid/attr API to allow use by scripts. Enhanced MLS support has been merged into the userspace libraries and tools. The libraries and tools have been modified to allow local customization of file contexts and users without requiring policy sources, and to preserve certain types that are marked as being customizable upon relabels.

    •  18 Jan 2005 19:15
    Avatar

      Release Notes: This release is based on Linux 2.6.10, but the current SELinux patch for the kernel includes a number of changes merged after 2.6.10 was released, including the AVC scalability work, AVC API and statistics support, dynamic context transition support, and enhanced controls over executable mappings. The checkpolicy policy compiler has been updated to order node context entries and to support supplementary type attribute declarations. Several improvements to libselinux, policycoreutils, and policy have been merged. Updated versions of setools, slat, and polgen were added.

      •  03 Nov 2004 21:35
      Avatar

        Release Notes: This release is based on Linux 2.6.9, and includes significant scalability enhancements to the core SELinux code. Numerous improvements to libselinux, policycoreutils, and policy have also been merged. An updated version of setools from Tresys has been merged. Updated userland patches and SRPMS have been merged from the Fedora Core 3 development tree. This release includes the first public release of a new tool by MITRE, polgen, which attempts to generate policy for an application based on patterns in its behavior.

        •  29 Jun 2004 22:48
        Avatar

          Release Notes: The current prototype and the experimental NFS code are now based on Linux kernel 2.6.7. Fine-grained netlink classes and permissions have been added. Many enhancements and bugfixes for policy as well as userland tools including slat and setools have been incorporated.

          •  14 May 2004 04:01
          Avatar

            Release Notes: The current prototype and the experimental NFS code are now based on Linux kernel 2.6.6. Several races and kernel socket creation problems were fixed and a runtime disable was added. The old 2.4-based kernel patch was ported to 2.4.26. The userland patches were updated from Fedora Core 2 development. There are now man pages for libselinux. X server security classes and access vector definitions were added and many policy updates were made.

            •  08 Apr 2004 14:50
            Avatar

              Release Notes: The current prototype and the experimental NFS code are now based on Linux kernel 2.6.5. IPv6 support has been added. A new sestatus utility is available. A number of bugs have been fixed, and many updates have been made to the example policy.

              •  12 Mar 2004 22:02
              Avatar

                Release Notes: Experimental SELinux NFS code has been made available. The base kernel version for 2.4 has been updated to 2.4.25. The base version for 2.6 remains 2.6.3, but the SELinux patch has been updated. Fine-grained boolean labeling support has been merged. The userspace AVC has been enhanced to handle netlink selinux notifications. MLS improvements have been merged, as well as updates to slat and the example policy.

                •  24 Feb 2004 01:21
                Avatar

                  Release Notes: The base kernel versions have been updated to 2.4.24 and 2.6.3. The 2.6.3 kernel patches include significant enhancements including port-based controls, mount context options, and conditional policy extensions. libselinux now includes code for a userspace AVC and discovers the selinuxfx mount point at runtime. Many other updates and bugfixes have been applied.

                  •  05 Dec 2003 23:18
                  Avatar

                    Release Notes: The base kernel versions have been updated to 2.4.23 and 2.6.0-test11. In 2.6.0-test11, controls have been added for inheritance of signal-related state and resource limits, and the network interface and node controls have been reimplemented. SysVinit has been patched to eliminate the need for a modified initrd. Login now uses a pam_selinux module. Many other updates have been made to the tools, utilities, and userland patches.

                    •  02 Oct 2003 17:25
                    Avatar

                      Release Notes: Kernel patches for 2.6.0-test6 and 2.4.21 are available. The updated kernel patches include support for an selinux boot parameter and improved auditing. A number of bugfixes and improvements have been integrated into the user space tools and utilities. SRPMs for newer Red Hat packages are available. The star package has been added. The example policy has been updated. Improvements have been made to existing policy tools, and a new policy analysis tool has been added.

                      Screenshot

                      Project Spotlight

                      episoder

                      A tool to tell you about new episodes of your favourite TV shows.

                      Screenshot

                      Project Spotlight

                      BalanceNG

                      A modern software IP load balancer.