SELinux MLS

slimm609 · 08-24-2007, 09:11 AM

I wanted to find out if anyone has messed with the SELinux MLS policys or have used SELinux in a MLS environment. I know MLS is a who different side of selinux but i want to try and implement it along with a grsecurity protections and a few others. But if anyone has used MLS on linux and has any pointers please let me know.

Thanks

unSpawn · 08-25-2007, 06:08 PM

No, I've never tried MLS as I'm still trying to reconcile myself with "targetted". As far as I know MLS would require you to build a policy from scratch for *everything* (though reasing http://fedoraproject.org/wiki/SELinux/FedoraMLSHowto it sounds kinda easy ;-p). BTW you can't have AND GRsecurity AND LSM in one running kernel, AFAIK they're incompatible.

slimm609 · 08-25-2007, 07:10 PM

you can run both on the same kernel at the same time but the issue is you can't have 2 access control methods. So i can run the kernel protection of grsecurity but the MAC of selinux. I just can't run gradm at all.

There are a few mls policies out there but I was not sure if anyone has messed with MLS

unSpawn · 08-26-2007, 05:36 AM

i can run the kernel protection of grsecurity but the MAC of selinux. I just can't run gradm at all.
Thanks for the info. It triggered me to read up on things and apparently so it is possible.

slimm609 · 08-26-2007, 10:12 AM

I got bored so i started researching mls and somehow got the bright idea of hey why dont i try to build a trusted linux distro. and needless to say i am beating my head off the wall about MLS. I have the system almost build with grsecurity/selinux/ssp/pie/pic/hardened program patch then i get to start trying to do mls.

unSpawn · 08-26-2007, 10:24 AM

Gentoo (apparently the "easy" way for all the help and docs) or another dist?

slimm609 · 08-26-2007, 03:50 PM

i am creating my own trusted distro. I like using slackware as a base because of the installer being all bash. I dont have to worry about python or anything else. Just bash