-
Notifications
You must be signed in to change notification settings - Fork 0
SELinux security policy for OpenWrt
License
tobiaswaldvogel/selinux-policy
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
SELinux security policy for OpenWrt
Homepage:
https://github.com/DefenSec/selinux-policy
Requirements:
SELinux CIL compiler (secilc) and optionally policycoreutils (setfiles) for the check Makefile target (make check)
Introduction:
This repository contains a basic modern SELinux security policy
designed specifically for OpenWrt. It uses the Type-Enforcement
security model to implement a targeted policy model that covers a
moderate selection of basic components with the goal of enhancing
integrity to help ensure continuity of systems operations.
Security-Enhanced Linux (SELinux) is a flexible framework that
allows for fine-grained mandatory access control.
The SELinux policy is written in modern Common Intermediate
Language that is native to SELinux and can easily be extended to
address a wide variety of access control challenges. The
permissive license allows for creation of custom policy models
based off of this basic SELinux policy to be enclosed -for
example using the Image Builder that supports SELinux- as a
replacement.
Installation:
Please see support/selinux-policy-XXXX for an example package
manifest for OpenWrt.
Notes:
Some chips might lack support for CONFIG_STRICT_KERNEL_RWX and in
that scenario you will see unexplained "execute", "execmem" and
possibly "execstack" events. These events can be suppressed with:
echo 1 > /sys/fs/selinux/checkreqprot.
About
SELinux security policy for OpenWrt
Resources
License
Stars
Watchers
Forks
Packages 0
No packages published