Security-Enhanced Linux Contributors The following organizations and individuals have contributed to the Security-Enhanced Linux (SELinux) project. The listing of contributors is partitioned into three lists: - a list of the original four organizations that contributed to the initial public release of SELinux, - a list of external individuals and organizations that have contributed to the upstream NSA SELinux releases available from this site since that initial release, and - a list of external individuals and organizations that have made contributions to SELinux available elsewhere. When appropriate, an external individual or organization may appear in both of the latter two sections. Further information about contributions may be available in the selinux/CREDITS file. The Original Contributors The National Security Agency (NSA) Researchers in NSA's Information Assurance Research Group designed and implemented flexible mandatory access controls in the major subsystems of the Linux kernel and implemented the new operating system components provided by the Flask architecture, namely the security server and the access vector cache. The NSA researchers reworked the LSM-based SELinux for inclusion in mainline 2.6. Network Associates Laboratories (NAI Labs) The Secure Execution Environments (SEE) group of NAI Labs implemented several additional kernel mandatory access controls, developed the example security policy configuration, ported to the Linux 2.4 kernel, contributed to the development of the Linux Security Modules kernel patch, and adapted the SELinux prototype to LSM. The MITRE Corporation The MITRE Corporation developed application security policies and documentation for the Apache web server, Sendmail, and crond. They are currently developing policy analysis tools. Secure Computing Corporation (SCC) Secure Computing Corporation developed a preliminary security policy configuration for the system that was used as a starting point for NAI Labs' configuration. They also developed several new or modified utilities. External Contributors to the Upstream NSA SELinux Ryan Bergauer Ryan Bergauer contributed the policy configuration for Samba. Russell Coker Russell Coker has significantly expanded and improved the example policy configuration. He has also enhanced the run_init and spasswd utilities, developed a devfsd module for managing devfs file contexts, implemented improvements to the setfiles program, and extended strace to trace SELinux system calls. Carsten Grohmann Carsten Grohmann contributed the policy configuration for Amanda, and several patches to other policy files. Paul Krumviede Paul Krumviede contributed to the IPSEC policy configuration. Brian May Brian May contributed several new domains and patches to the policy configuration. James Morris James Morris developed the SELinux labeled networking support, using the LSM networking hooks which he also developed. He also provided patches and feedback for the SELinux security module. Yuichi Nakamura Yuichi Nakamura contributed the initial policy configuration for BIND. Shaun Savage Shaun Savage helped in porting several of the SELinux utility patches to newer RedHat base versions, and he contributed several domains to the example policy configuration. Rogelio Serrano Jr. Rogelio Serrano Jr. contributed a patch to the SELinux security module to support automatic type transitions for pts nodes in devfs. Justin Smith Justin Smith contributed a domain for ipchains, some patches to the existing policy configuration, and the initial version of the newrules.pl script for generating allow rules from audit messages. Tresys Technology Tresys Technology contributed tools for policy analysis, user management, and policy customization. Frank Mayer of Tresys Technology contributed a patch that added new domains, made several changes to the existing policy, and changed the policy build process to support policy management. He also contributed a patch to extend the username definition. Reino Wallin Reino Wallin of Oribium Labs contributed some patches to the network policy configuration. Dan Walsh Dan Walsh of Red Hat ported the SELinux daemon and utility patches to the new 2.6 SELinux API and to the RH9 packages. He also ported newrole and run_init to the new 2.6 SELinux API Colin Walters Colin Walters contributed build patches and cleanups for the 2.6-based SELinux, enhanced chcon to accept individual field options, and contributed the policy regression testing patch and package metadata patch. Mark Westerman Mark Westerman contributed several domains to the example policy configuration, and he developed the default user patch for Linux users who do not need to be distinguished by the SELinux policy. David A. Wheeler David A. Wheeler contributed several new domains to the policy configuration, provided feedback on the existing configuration, and made a number of helpful suggestions for improving the SELinux policy. External Contributors to the SELinux Community Russell Coker Russell Coker has ported and packaged SELinux for Debian. This work included adapting the build/install process, porting several SELinux application patches to the Debian base packages, developing new SELinux patches for additional applications, and extending the policy for Debian. Russell has handed off maintenance of the SELinux package for Debian stable to Brian May. Brian Fegler Brian Fegler contributed the cando script for analyzing rules from a policy.conf file. Carsten Grohmann Carsten Grohmann adapted the policy configuration for SuSE, and he created a mailing list for German-language SELinux users. Brian May Brian May is now maintaining SELinux packages for Debian stable, having adapted Russell Coker's earlier work for Debian unstable. Steve Tate Steve Tate of the University of North Texas (UNT) COPS Lab has developed a GUI browser for analyzing type enforcement rules from the compiled policy. Tresys Technology Tresys Technology developed several policy tools and some policy primer documents for SELinux. Tom Vogt Tom Vogt developed patches for the Apache and MySQL policies, and developed a SubVersion policy. Reino Wallin Reino Wallin of Oribium Labs developed a policy for a proxy firewall. Colin Walters Colin Walters ported and packaged the 2.6-based SELinux for Debian. Mark Westerman Mark Westerman developed a patch for the GNOME Display Manager for SELinux, and he has created RPMs for SELinux. Linux is a registered trademark of Linus Torvalds Secure Computing is a registered trademark of Secure Computing Corporation NAI is a trademark of Networks Associates Technology, Inc. MITRE is a registered trademark of The MITRE Corporation