Subject: ANNOUNCE: Mandatory Access Control/Compartments
To:	linux-kernel@vger.rutgers.edu
Date:	Mon, 14 Feb 2000 13:23:33 +0000 (GMT)
From:	Malcolm Beattie <mbeattie@sable.ox.ac.uk>

Announcing a very early alpha release of MAC (Mandatory Access Control)
support for Linux. This distribution contains a patch against kernel
2.2.12, patches for userland utilities ipchains and ip and a filesystem
module mlsfs which together allow you to divide a running Linux
system into separate mutually-invisible compartments, each effectively
looking like a different "virtual machine". Compartments cannot see
processes (via "ps" or kill) in other compartments. Compartments can
have different routing tables which can be configured so that they each
have their own IP addresses, routing information and such like.
Filesystems can be configured so that only a given compartment has
access to them (more flexible than chroot).

This initial distribution implements integrity labels only at the
moment and not sensitivity labels (following the KISS principle that
compartment separation and system integrity labels are more useful in
real life than sensitivity gradings). For full installation
instructions and a description of what you can do with the code and
how to do it, see
    http://users.ox.ac.uk/~mbeattie/linux/README.mac30-20000214

The distribution itself, which consists of a 28K tar.gz file that
contains the necessary patches and the above README, is available from
    ftp://ftp.ox.ac.uk/pub/linux/mac30-20000214.tar.gz
or
    http://users.ox.ac.uk/~mbeattie/linux/mac30-20000214.tar.gz
(note the first URL is ftp, the second URL is http).

Comments welcome.

--Malcolm

-- 
Malcolm Beattie <mbeattie@sable.ox.ac.uk>
Unix Systems Programmer
Oxford University Computing Services
