I agree, vserver is an interesting project. I have looked at porting vserver to the LSM interface, and other than lack of time, much of the porting would be trivial. If anyone is interested in tackling such a port, check out http://lsm.immunix.org for LSM project and mailing list info and chime in ;-)
thanks,
-chris
As James pointed out, LSM is not SELinux either. LSM is a framework which allows pluggable kernel modules to implement security models. SELinux is an example of a security model that is pluggable into the LSM framework. As is LIDS. LSM as a project has greatly benefitted from security projects like SELinux and LIDS being ported to the LSM interface, because they have helped define and augment the interface.
thanks,
-chris
> in FreeBSD you have a "kernel security level" man securelevel
Work is underway porting BSD secure levels to LSM. Secure levels is a nice compromise between a potentially difficult to configure security model like SELinux and a weak/useless one like chroot.
thanks,
-chris
Some effort has been put into porting LOMAC to both LSM and TrustedBSD. This effort has stalled out due to lack of funding. If anyone is interested, the LOMAC port to LSM should be simple to pick up. http://lsm.immunix.org has info on LSM and the mailing list. We are always looking for people to help.
thanks,
-chris
> One nice project is TrustedBSD [trustedbsd.org], parts of which will appear in FreeBSD 5.0.
Yes, it's also interesting to note that the TrustedBSD code is moving towards a pluggable interface similar to LSM. In fact, SELinux (SEBSD) is being ported to TrustedBSD.
thanks,
-chris
Current StackGuard 3.0 development is based on gcc 3.x, with a backport to the 2.96 gcc shipped with RH 7.3 for validation. The development is complete to lab/alpha release. As the kinks are worked out, we will attempt to merge StackGuard into gcc mainline.
Also, StackGuard is not commercial. It is fully GPL and available as a patch as well as an rpm from ftp://ftp.ibiblio.org/pub/linux/distributions/immunix/7.0/i386/extras/
For more information, see http://immunix.org/stackguard.html
thanks,
-chris
LSM in full is not in 2.5.27. The LSM patch has begun being merged into mainline 2.5, however the merge will take some time. At this point much of the core functionality has not been merged.
thanks,
-chris