Subject: ANNOUNCE: Mandatory Access Control/Compartments To: linux-kernel@vger.rutgers.edu Date: Mon, 14 Feb 2000 13:23:33 +0000 (GMT) From: Malcolm Beattie <mbeattie@sable.ox.ac.uk> Announcing a very early alpha release of MAC (Mandatory Access Control) support for Linux. This distribution contains a patch against kernel 2.2.12, patches for userland utilities ipchains and ip and a filesystem module mlsfs which together allow you to do divide a running Linux system into separate mutually-invisible compartments, each effectively looking like a different "virtual machine". Compartments cannot see processes (via "ps" or kill) in other compartments. Compartments can have different routing tables which can be configured so that they each have their own IP addresses, routing information and such like. Filesystems can be configured so that only a given compartment has access to them (more flexible than chroot). This initial distribution implements integrity labels only at the moment and not sensitivity labels (following the KISS principle that compartment separation and system integrity labels are more useful in real life than sensitivity gradings). For full installation instructions and a description of what you can do with the code and how to do it, see http://users.ox.ac.uk/~mbeattie/linux/README.mac30-20000214 The distribution itself, which consists of a 28K tar.gz file that the necessary patches and the above README, is available from ftp://ftp.ox.ac.uk/pub/linux/mac30-20000214.tar.gz or http://users.ox.ac.uk/~mbeattie/linux/mac30-20000214.tar.gz (note the first URL is ftp, the second URL is http). Comments welcome. --Malcolm -- Malcolm Beattie <mbeattie@sable.ox.ac.uk> Unix Systems Programmer Oxford University Computing Services - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/