-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathSEBSD.txt
28 lines (21 loc) · 1.07 KB
/
SEBSD.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
SEBSD - Security-Enhanced BSD
SPARTA, Inc.
SEBSD is an experimental implementation of NSA's FLASK and Type Enforcement
technologies, ported from SELinux using the TrustedBSD MAC Framework. SEBSD
consists of the following components:
- FreeBSD 7.x source tree.
- SEBSD policy module (src/sys/security/sebsd/)
- NSA's FLASK security architecture, including Access Vector Cache
(AVC).
- SEBSD wrapper, to sit between the MAC Framework and FLASK
- NSA's Type Enforcement policy "security server"
- Modified SELinux sample policy, capable of running (with some limitations)
on SEBSD. (src/contrib/sebsd/policy/)
- Modifications to the FreeBSD 7.x kernel to extend the MAC Framework to
support additional labeling and enforcement points required by SEBSD.
(src/sys)
- Modifications to the FreeBSD 7.x user space to support transition-based
labeling changes as part of user credential events. (src/)
- SELinux userland components, including libsepol, libselinux, libsemanage,
and policy tools. (src/contrib/sebsd/{checkpolicy,libselinux,libsepol,
libsemanage,policycoreutils}/)