12 September 2023

With the update to Linux Kernel 6.6, SELinux breaks away from the NSA label

The update to Linux Kernel 6.6 removes all references to the NSA in SELinux, signaling its evolution as a community-driven security project.

SELinux, an acronym for Security Enhanced Linux, is an important security mechanism that has been integrated into the Linux kernel for about two decades. Despite the criticism and the tendency of some system administrators to disable it immediately after installing a new machine (“It's SELinux's fault”), this tool is one of the most sophisticated for system protection. It is particularly popular in Red Hat-based distributions, where it is used to protect machine workloads with a high degree of granularity.

Origins and Relationship with the NSA

One thing that many may not know is that SELinux was originally developed by the United States National Security Agency (NSA). Considering the function of this system, which is to protect data and services running on a Linux machine, the involvement of the national security agency seems almost obvious.

New Developments with the Linux Kernel 6.6

According to a recent report from Phoronix, the update to Linux Kernel 6.6 brought a significant change: all references to the NSA within the source code have been removed. More specifically, labels like “NSA SELinux Support” have been replaced by “SELinux Support”. This move symbolizes SELinux's transition from an intelligence-related project to a community project.

This change is as significant as it is logical.

The pull request responsible for this change was made by Stephen Smalley, who "debranded" the SELinux section, removing any reference to the NSA name. Smalley justified his decision with the following words:

“We've come a long way from the original NSA submission and I would consider SELinux a true community project at this point so removing the NSA branding just makes sense.”

It's been a long time since the NSA first introduced SELinux, and today the project has grown into a community-supported effort. Therefore, eliminating any references to the NSA in the source code is a logical and overdue step.

Insight into SELinux

SELinux works through a set of security policies that control access to files and execution of processes. It uses a label structure to ensure that only authorized processes have access to their respective system files and resources. In practice, this allows any intrusions or compromises to be contained, limiting the extent of the damage.

SELinux's effectiveness lies in its layered security model and its ability to apply granular policies. This makes it an extremely robust solution for organizations that need to protect sensitive data and critical applications.
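
The label-based decision described above can be sketched as a simplified model of type enforcement. This is an added example, not code from the original article or from the SELinux project. The rules in SAMPLE_POLICY are constructed for illustration and the function names are hypothetical; real policies also include roles, MLS constraints and other rule types that this model ignores.

```python
import re

# Constructed sample rules in SELinux "allow" syntax (not a real policy).
SAMPLE_POLICY = """
allow httpd_t httpd_sys_content_t:file { read getattr open };
allow httpd_t httpd_log_t:file { append getattr open };
allow sshd_t shadow_t:file { read getattr open };
"""

RULE_RE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+\{([^}]*)\}\s*;")


def parse_context(context):
    """Split a label 'user:role:type[:level]' into its fields."""
    parts = context.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not a security context: {context!r}")
    user, role, type_ = parts[:3]
    level = parts[3] if len(parts) == 4 else None
    return {"user": user, "role": role, "type": type_, "level": level}


def load_rules(policy_text):
    """Map (source type, target type, class) to the allowed permissions."""
    rules = {}
    for src, tgt, cls, perms in RULE_RE.findall(policy_text):
        rules.setdefault((src, tgt, cls), set()).update(perms.split())
    return rules


def is_allowed(rules, process_ctx, object_ctx, cls, perm):
    """Default deny: access passes only if an allow rule names this exact
    source type, target type, class and permission."""
    src = parse_context(process_ctx)["type"]
    tgt = parse_context(object_ctx)["type"]
    return perm in rules.get((src, tgt, cls), set())


RULES = load_rules(SAMPLE_POLICY)
WEB_SERVER = "system_u:system_r:httpd_t:s0"            # process label
WEB_PAGE = "system_u:object_r:httpd_sys_content_t:s0"  # web content label
SHADOW = "system_u:object_r:shadow_t:s0"               # password file label

if __name__ == "__main__":
    for target in (WEB_PAGE, SHADOW):
        ok = is_allowed(RULES, WEB_SERVER, target, "file", "read")
        print(f"{WEB_SERVER} read {target}: {'allowed' if ok else 'denied'}")
```

Because nothing is permitted unless a rule says so, a web server process labelled httpd_t can read its own content but not a file labelled shadow_t, whatever the file's ordinary Unix permissions are.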

For those who want to delve deeper into its functioning at a systemic level, we have talked about it in detail here: What is SELINUX?

Conclusion

With the arrival of Linux Kernel 6.6, SELinux finally breaks away from its NSA-related label, marking a new phase in its development as a community-driven security tool. Despite its roots, SELinux has earned its reputation as one of the most advanced and reliable Linux security tools, a go-to for system administrators interested in protecting their workloads.
