NSA Security-enhanced Linux: all releases tagged Minor feature enhancements

Release Notes: This release is based on Linux 2.6.11. The SELinux kernel patch for 2.6.11 includes enhanced MLS support, changes to the execute-related permission checking for legacy binaries, and an extension to the /proc/pid/attr API to allow use by scripts. Enhanced MLS support has been merged into the userspace libraries and tools. The libraries and tools have been modified to allow local customization of file contexts and users without requiring policy sources, and to preserve certain types that are marked as being customizable upon relabels.

Release Notes: This release is based on Linux 2.6.10, but the current SELinux patch for the kernel includes a number of changes merged after 2.6.10 was released, including the AVC scalability work, AVC API and statistics support, dynamic context transition support, and enhanced controls over executable mappings. The checkpolicy policy compiler has been updated to order node context entries and to support supplementary type attribute declarations. Several improvements to libselinux, policycoreutils, and policy have been merged. Updated versions of setools, slat, and polgen were added.

Release Notes: This release is based on Linux 2.6.9, and includes significant scalability enhancements to the core SELinux code. Numerous improvements to libselinux, policycoreutils, and policy have also been merged. An updated version of setools from Tresys has been merged. Updated userland patches and SRPMS have been merged from the Fedora Core 3 development tree. This release includes the first public release of a new tool by MITRE, polgen, which attempts to generate policy for an application based on patterns in its behavior.

Release Notes: The current prototype and the experimental NFS code are now based on Linux kernel 2.6.7. Fine-grained netlink classes and permissions have been added. Many enhancements and bugfixes for policy as well as userland tools including slat and setools have been incorporated.

Release Notes: The current prototype and the experimental NFS code are now based on Linux kernel 2.6.6. Several races and kernel socket creation problems were fixed and a runtime disable was added. The old 2.4-based kernel patch was ported to 2.4.26. The userland patches were updated from Fedora Core 2 development. There are now man pages for libselinux. X server security classes and access vector definitions were added and many policy updates were made.

Release Notes: The current prototype and the experimental NFS code are now based on Linux kernel 2.6.5. IPv6 support has been added. A new sestatus utility is available. A number of bugs have been fixed, and many updates have been made to the example policy.

Release Notes: Experimental SELinux NFS code has been made available. The base kernel version for 2.4 has been updated to 2.4.25. The base version for 2.6 remains 2.6.3, but the SELinux patch has been updated. Fine-grained boolean labeling support has been merged. The userspace AVC has been enhanced to handle netlink selinux notifications. MLS improvements have been merged, as well as updates to slat and the example policy.

Release Notes: The base kernel versions have been updated to 2.5.74 and 2.4.21. The SELinux API redesign with xattr support has been completed for the 2.5-based kernel. The SELinux daemon and utility patches have been ported to the new API. Support for the AT_SECURE auxv entry was added. Changes were made to bprm hook permission checking and nosuid operation. A report, "Securing the X Window System with SELinux", which discusses adding SELinux controls to the window system, was added to the documentation. Many contributed patches have been merged, and RPM spec files and SRPMs are now provided.

Release Notes: The base kernel versions have been updated to 2.4.20 and 2.5.51. Initial SID and context for SCMP packets have been added. Additional policy enhancement and patch contributions have been merged. The logrotate patch has been updated to 3.6.5-2. The private file oversight in LSM, the inode_doinit bug in SELinux, and the selopt compile problems have all been fixed.

Release Notes: The base 2.5 kernel version has been updated to 2.5.44. The base 2.4 kernel version remains at 2.4.19, but many changes have been made to the 2.4 LSM patch and to the 2.4 SELinux module since the last release. The modified login, sshd, and crond programs have been updated to use a new configuration scheme. Socket handling has been improved. Internally, precondition functions have been removed in favor of early initialization support. The modified tar has been updated to tar-1.13.25. A number of other improvements, bugfixes, and policy enhancements have taken place.