Announcing a very early alpha release of MAC (Mandatory Access Control)
support for Linux. This distribution contains a patch against kernel
2.2.12, patches for userland utilities ipchains and ip and a filesystem
module mlsfs which together allow you to do divide a running Linux
system into separate mutually-invisible compartments, each effectively
looking like a different "virtual machine". Compartments cannot see
processes (via "ps" or kill) in other compartments. Compartments can
have different routing tables which can be configured so that they each
have their own IP addresses, routing information and such like.
Filesystems can be configured so that only a given compartment has
access to them (more flexible than chroot).
This initial distribution implements integrity labels only at the
moment and not sensitivity labels (following the KISS principle that
compartment separation and system integrity labels are more useful in
real life than sensitivity gradings). For full installation
instructions and a description of what you can do with the code and
how to do it, see
http://users.ox.ac.uk/~mbeattie/linux/README.mac30-20000214
The distribution itself, which consists of a 28K tar.gz file that the
necessary patches and the above README, is available from
ftp://ftp.ox.ac.uk/pub/linux/mac30-20000214.tar.gz
or
http://users.ox.ac.uk/~mbeattie/linux/mac30-20000214.tar.gz
(note the first URL is ftp, the second URL is http).
Comments welcome.
--Malcolm
-- Malcolm Beattie <mbeattie@sable.ox.ac.uk> Unix Systems Programmer Oxford University Computing Services- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Feb 15 2000 - 21:00:27 EST