On Tue, Dec 19, 2006 at 08:35:42AM -0500, Steve Grubb wrote: > On Tuesday 19 December 2006 05:26, Mohammad Mahmoudi wrote: > > Does SELinux satisfy all of the LSPP requirements for > > Common Criteria certification at EAL4? > > Not by itself. SE Linux meets the labeled access control part, but there are > many more requirements that are met by different subsystems.
In addition to what Steve said, keep in mind that "EAL4" refers to the assurance level which covers a lot of things other than the software implementation itself, for example testing, high- and low-level design documents, configuration management, delivery & operation, flaw remediation, vulnerability analysis and more, so it would be inappropriate to say that "SELinux" meets the requirements. You need to consider the developer (Red Hat) and the sponsor (who usually provides additional testing and documents) also. > We didn't have to do filesystem polyinstantiation, but a new pam module was > written to simulate it via some new syscalls and bind mount. SE Linux also > had to be extended into networking. Strictly speaking polyinstantiation isn't needed for LSPP compliance, but it is needed to make MLS work on a legacy unixlike system with non-MLS-aware applications. > The final results when you consider all the work done on all the subsystems > is > that it will meet LSPP/EAL4 (or we'll keep at it until it does). http://selinux-symposium.org/2007/abstracts.php#extending ;-) -Klaus -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
