Hi,
During the past week, I've progressively worked on the back porting of
the latest features and fixes applied to 2.6 SELinux-related code, so,
we can now make use of them in 2.4.
I know that 2.4 is in maintenance mode, but this was mainly just for my
own fun and learning profit, even if there are some technical reasons to
do it.
Documentation and tracking is available at:
http://selinux.tuxedo-es.org/2.4-backport/
The patches can be retrieved by checking out the 2.4-backport module in
the SELinux CVS at SourceForge.Net:
http://cvs.sourceforge.net/viewcvs.py/selinux/2.4-backport/
Under ./pre-patches/ you can find the latest patches that are not yet
stable:
http://cvs.sourceforge.net/viewcvs.py/selinux/2.4-backport/pre-patches/
ASAP I will try to validate its capabilities and see what's working and
what's not, and this will happen after I solve some personal
infrastructure problems.
The BTS at http://selinux.tuxedo-es.org/tracking/ should be used to
report bugs and so on.
I would appreciate a lot any type of help; testing would surely be
appreciated, and any type of feedback would be good too (even if you
want to say it's crap, which I don't think so ;) ).
If there's someone that made this possible, it's Stephen D. Smalley,
who helped me by giving me his attention and time to solve my extensive
lack of knowledge and skills.
Also I want to say thanks to Russell Coker from Red Hat for giving me
access to a testing machine where I can run the back port kernel
patches, and also for helping me understand how the SELinux
policy works.
Currently, I'm researching a possible bug introduced by an incorrect
back porting of the latest anonymous memory mappings control features.
Also, dynamic context transitions and mount contexts are not supported
because of lack of some code that makes me almost unable to back port
them without doing extra, geekish, hacking in the kernel core and memory
management stuff (help really welcome).
In short, the back port is now fully supporting up to v18 policies which
includes almost the Netlink classes (not fully back ported support, even
for ipv6 and some other things may be not fully supported as well) and
the policy booleans, etc (v15->v17).
Those who are using or testing the 0.2 revision are encouraged to move
to the latest 0.3 pre-patches, as a kernel oops due to nonexistent (and
superfluous) SLAB_PANIC handling has been solved since past 0.2
revisions.
Cheers,
--
Lorenzo Hernández García-Hierro <[email protected]> [1024D/6F2B2DEC]
[2048g/9AE91A22] Hardened Debian head developer & project manager
http://www.tuxedo-es.org - http://lorenzo.debian-hardened.org