On Tuesday 19 December 2006 05:26, Mohammad Mahmoudi wrote:
> Does SELinux satisfy all of the LSPP requirements for
> Common Criteria certification at EAL4?

Not by itself. SE Linux meets the labeled access control part, but there are many more requirements that are met by different subsystems. For example, there was considerable audit work to meet a portion of the requirements. We also had to revisit all the programs that were patched to log audit events and make sure the labels were logged, too. Some SE Linux utilities needed to be patched to log audit events. We didn't have to do filesystem polyinstantiation, but a new pam module was written to simulate it via some new syscalls and bind mount. SE Linux also had to be extended into networking. And cups needed a lot of work since that's one path to export labeled data. Xinetd needed labeled networking support as well as some updates to how it launches applications. And cron needed some work to make sure it launches user tasks in the correct context.

The final result, when you consider all the work done on all the subsystems, is that it will meet LSPP/EAL4 (or we'll keep at it until it does).

-Steve

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
