Open Source

33240 readers

626 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago

MODERATORS

[email protected]

129

TIL the NSA created SELinux and various other FOSS projects (code.nsa.gov)

submitted 1 week ago by [email protected] to c/[email protected]

17 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] mholiv 26 points 1 week ago (9 children)

Thank goodness for selinux. Without it Linux would not be a secure OS.

And no AppArmor does not do the same thing. You need the mandatory part for mandatory access controls to work.

[–] homura1650 18 points 1 week ago (1 children)

Also, AppArmor might not exist without SELinux.

When the NSA first implemented SELinux, they did so directly, but were not able to get that merged into mainline because there was concern that SELinux was not the correct solution.

What they ended up doing was creating the Linux Security Modules (LSM) framework, which is just a bunch of hooks in the kernel that a module can implement. SELinux was then rewritten as LSM module. This allowed other solutions like AppArmor to be implemented without any invasive work; they could just plug into the same system SELinux used.

Some time later, the ability to run multiple LSMs at once was added.

Incidentally, Linux capabilities are also implemented as an LSM.

[–] mholiv 5 points 1 week ago

TIL. Very cool.

load more comments (7 replies)