Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I wanted to find out if anyone has messed with the SELinux MLS policys or have used SELinux in a MLS environment. I know MLS is a who different side of selinux but i want to try and implement it along with a grsecurity protections and a few others. But if anyone has used MLS on linux and has any pointers please let me know.
No, I've never tried MLS as I'm still trying to reconcile myself with "targetted". As far as I know MLS would require you to build a policy from scratch for *everything* (though reasing http://fedoraproject.org/wiki/SELinux/FedoraMLSHowto it sounds kinda easy ;-p). BTW you can't have AND GRsecurity AND LSM in one running kernel, AFAIK they're incompatible.
you can run both on the same kernel at the same time but the issue is you can't have 2 access control methods. So i can run the kernel protection of grsecurity but the MAC of selinux. I just can't run gradm at all.
There are a few mls policies out there but I was not sure if anyone has messed with MLS
i can run the kernel protection of grsecurity but the MAC of selinux. I just can't run gradm at all.
Thanks for the info. It triggered me to read up on things and apparently so it is possible.
I got bored so i started researching mls and somehow got the bright idea of hey why dont i try to build a trusted linux distro. and needless to say i am beating my head off the wall about MLS. I have the system almost build with grsecurity/selinux/ssp/pie/pic/hardened program patch then i get to start trying to do mls.
i am creating my own trusted distro. I like using slackware as a base because of the installer being all bash. I dont have to worry about python or anything else. Just bash
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.