Release Notes: The SELinux module has been merged into the mainline kernel as of 2.6.0-test3. This release includes new kernel patches based on the 2.6.0-test3 kernel and a backport of the 2.6 SELinux module to the 2.4.21 kernel. The new API is consistent between 2.4 and 2.6. The old 2.4 API and user-space utilities are no longer actively maintained. There have been a number of bug fixes and cleanups to the library and utilities, as well as new contributions to the example policy.
Release Notes: The base kernel versions have been updated to 2.5.74 and 2.4.21. The SELinux API redesign with xattr support has been completed for the 2.5-based kernel. The SELinux daemon and utility patches have been ported to the new API. Support for the AT_SECURE auxv entry was added. Changes were made to bprm hook permission checking and nosuid operation. A report, "Securing the X Window System with SELinux", which discusses adding SELinux controls to the window system, was added to the documentation. Many contributed patches have been merged, and RPM spec files and SRPMs are now provided.
Release Notes: The example policy has been updated with enhancements and cleanups. A number of bugs have been fixed in the SELinux module. The updated module is available for the ia32 2.4.20 Linux kernel. The updated module is also available for both the mainline 2.5.66 Linux kernel and an LSM-patched 2.5.66 Linux kernel. The new mainline module also includes work in preparation for a new SELinux API. Finally, a port of SELinux to the arm 2.4.19 kernel is also now available.
Release Notes: The base 2.5 kernel version has been updated to 2.5.58. The base 2.4 kernel version remains at 2.4.20, but the LSM patch and the SELinux module for 2.4 have changed since the last release. New contributed policy analysis and policy management tools have been added to the provided tools and utilities. Hooks for xattr operations were added to 2.4. Inode security initialization has been reworked using the d_instantiate hook. The nfsd private file bug in 2.4 has been fixed and the task_kill bug in 2.5 has been fixed.
Release Notes: The base kernel versions have been updated to 2.4.20 and 2.5.51. Initial SID and context for SCMP packets have been added. Additional policy enhancement and patch contributions have been merged. The logrotate patch has been updated to 3.6.5-2. The private file oversight in LSM, the inode_doinit bug in SELinux, and the selopt compile problems have all been fixed.
Release Notes: The base 2.5 kernel version has been updated to 2.5.44. The base 2.4 kernel version remains at 2.4.19, but many changes have been made to the 2.4 LSM patch and to the 2.4 SELinux module since the last release. The modified login, sshd, and crond programs have been updated to use a new configuration scheme. Socket handling has been improved. Internally, precondition functions have been removed in favor of early initialization support. The modified tar has been updated to tar-1.13.25. A number of other improvements, bugfixes, and policy enhancements have taken place.
Release Notes: The base kernel versions were updated to 2.4.19 and 2.5.31. The SELinux peer SID functionality was re-implemented with new sock hooks; the accept_secure call should now be reliable. The sysctl hook and /proc/sys labeling were made configurable. Other minor enhancements were made, including to checkpolicy and the example policy. Bugs were fixed in auditing logic, PSID mapping code, and the ipc permission hook.
Release Notes: The development (2.5) LSM-based SELinux prototype was updated to kernel 2.5.24. The OpenSSH patch has been updated to openssh-3.4p1. The file system labeling support has been generalized and labeling for kernel-generated IGMP and ICMP traffic has been added. Many improvements have been made in the policy, including making many policy sections optional, changing the audit configuration syntax, adding explicit type attribute declarations, and merging many contributed domains and policy changes. The technical report describing configuration of the policy has also been updated.
Release Notes: The stable (2.4) LSM-based SELinux prototype remains at kernel 2.4.18. The development (2.5) LSM-based SELinux prototype was updated to kernel 2.5.19. The MLS support has been enhanced, although it is still experimental. Support was added for selecting enforcing mode at boot/insertion time. The extended socket call processing was encapsulated and made optional. Connection peer SID lists for accept_secure were implemented.
Release Notes: Two new technical reports are available in the documentation: a document describing the policy language and a document describing the current LSM implementation of SELinux. The stable (2.4) LSM-based SELinux prototype remains at kernel 2.4.18. The development (2.5) LSM-based SELinux prototype was updated to kernel 2.5.10. A number of policy improvements, minor feature enhancements, and bugfixes have also been made.