
Implementing SELinux as a Linux Security Module



Stephen Smalley, Chris Vance, and Wayne Salamon (NAI Labs)

Initial version: December 2001, Last revised: May 2002

Abstract

This technical report describes the implementation of the LSM-based SELinux security module. The report begins by providing an overview of LSM and a review of the SELinux basic concepts. It then provides a summary of how the LSM-based SELinux security module differs from the original SELinux kernel patch. Several aspects of the SELinux security module are then described, including its internal architecture, its initialization and exit code, its support for stacking with other security modules, and its approach for implementing the new SELinux system calls. The remainder of the report is then spent documenting the SELinux hook function implementations, organized into sections for each grouping of LSM hooks.

