Version 2004031009 of NSA Security-enhanced Linux

Release Notes: Experimental SELinux NFS code has been made available. The base kernel version for 2.4 has been updated to 2.4.25. The base version for 2.6 remains 2.6.3, but the SELinux patch has been updated. Fine-grained boolean labeling support has been merged. The userspace AVC has been enhanced to handle netlink selinux notifications. MLS improvements have been merged, as well as updates to slat and the example policy.

Other releases

Release Notes: This release is based on Linux 2.6.11. The SELinux kernel patch for 2.6.11 includes enhanced MLS support, changes to the execute-related permission checking for legacy binaries, and an extension to the /proc/pid/attr API to allow use by scripts. Enhanced MLS support has been merged into the userspace libraries and tools. The libraries and tools have been modified to allow local customization of file contexts and users without requiring policy sources, and to preserve certain types that are marked as being customizable upon relabels.

Release Notes: This release is based on Linux 2.6.10, but the current SELinux patch for the kernel includes a number of changes merged after 2.6.10 was released, including the AVC scalability work, AVC API and statistics support, dynamic context transition support, and enhanced controls over executable mappings. The checkpolicy policy compiler has been updated to order node context entries and to support supplementary type attribute declarations. Several improvements to libselinux, policycoreutils, and policy have been merged. Updated versions of setools, slat, and polgen were added.

Release Notes: This release is based on Linux 2.6.9, and includes significant scalability enhancements to the core SELinux code. Numerous improvements to libselinux, policycoreutils, and policy have also been merged. An updated version of setools from Tresys has been merged. Updated userland patches and SRPMS have been merged from the Fedora Core 3 development tree. This release includes the first public release of a new tool by MITRE, polgen, which attempts to generate policy for an application based on patterns in its behavior.

Release Notes: The current prototype and the experimental NFS code are now based on Linux kernel 2.6.7. Fine-grained netlink classes and permissions have been added. Many enhancements and bugfixes for policy as well as userland tools including slat and setools have been incorporated.

Release Notes: The current prototype and the experimental NFS code are now based on Linux kernel 2.6.6. Several races and kernel socket creation problems were fixed and a runtime disable was added. The old 2.4-based kernel patch was ported to 2.4.26. The userland patches were updated from Fedora Core 2 development. There are now man pages for libselinux. X server security classes and access vector definitions were added and many policy updates were made.

Screenshot

Project Spotlight

giflib

A library that decodes and encodes GIF image files.

Screenshot

Project Spotlight

Aspose.Diagram for .NET

A class library for working with MS Visio files.