About the Book
Please note that the content of this book primarily consists of articles available from Wikipedia or other free sources online. Pages: 46. Chapters: Anticipatory scheduling, AppArmor, AQuoSA, Binfmt misc, CFQ, Cgroups, Chroot, Completely Fair Scheduler, Crypto API (Linux), Devfsd, Device mapper, Direct Rendering Manager, Dm-crypt, Dnotify, Epoll, Evdev, Filesystem in Userspace, Futex, Inotify, Ipchains, Iptables, Journaling block device, Kernel-based Virtual Machine, Kernel marker, Kexec, Lguest, Libipq, Linux-VServer, Linux DM Multipath, Logical Volume Manager (Linux), Loop device, Magic SysRq key, Netlink, Network block device, New API, OProfile, Perf (Linux), Procfs, Raw device, RSBAC, Seccomp, Security-Enhanced Linux, Splice (system call), Swsusp, Sysfs, TOMOYO Linux, Transcendent memory, Udev, USB core, Volume group. Excerpt: Security-Enhanced Linux (SELinux) is a Linux feature that provides the mechanism for supporting access control security policies, including United States Department of Defense-style mandatory access controls, through the use of Linux Security Modules (LSM) in the Linux kernel. It is not a Linux distribution, but rather a set of kernel modifications and user-space tools that can be added to various Linux distributions. Its architecture strives to separate enforcement of security decisions from the security policy itself and streamlines the volume of software charged with security policy enforcement. The key concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency. It has been integrated into the mainline Linux kernel since version 2.6, on 8 August 2003. The United States National Security Agency (NSA), the original primary developer of SELinux, released the first version to the open source development community under the GNU GPL on December 22, 2000. The software merged into the mainline Linux kernel 2.6.0-test3, released on 8 August 2003. Other significant contributors include Network Associates, Red Hat, Secure Computing Corporation, Tresys Technology, and Trusted Computer Solutions. Experimental ports of the FLASK/TE implementation have been made available via the TrustedBSD Project for the FreeBSD and Darwin operating systems. From NSA Security-enhanced Linux Team: "NSA Security-enhanced Linux is a set of patches to the Linux kernel and some utilities to incorporate a strong, flexible mandatory access control (MAC) architecture into the major subsystems of the kernel. It provides an enhanced mechanism to enforce the separation of information based on confidentiality and integrity requirements, which allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications. It includes a set of s