SELinux In Linux 6.6 Removes References To Its Origins At The US NSA

Written by Michael Larabel in Linux Security on 29 August 2023 at 09:00 PM EDT. 53 Comments
LINUX SECURITY
Security Enhanced Linux (SELinux) has been part of the mainline kernel for two decades to provide a security module implementing access control security policies and is now widely-used for enhancing the security of production Linux servers and other systems. Those that haven't been involved with Linux for a long time may be unaware that SELinux originates from the US National Security Agency (NSA). But now with Linux 6.6 the NSA references are being removed.

The United States National Security Agency worked on the original code around Security Enhanced Linux and was the primary original developer. The NSA has continued to contribute to SELinux over the years while with its increased adoption does see contributions from a wide range of individuals and organizations.

United States National Security Agency seal


With a lot of bad press for the NSA over the past decade due to various scandals, some open-source enthusiasts have questioned the NSA's involvement in SELinux and made other critical remarks. While there are NSA developers that remain involved with SELinux, beginning in Linux 6.6 the "NSA" references are being dropped -- in part to reflect that it's not an NSA-only affair.

selinux: de-brand SELinux
A portion of the patch entitled "selinux: de-brand SELinux" to remove NSA references.


The SELinux pull request was sent in today with adding a notice if virtual memory is executable by default, new network auditing helpers, various defenses improved, and more. What caught my attention with the PR was:
- Minor administrative changes

Stephen Smalley updated his email address and "debranded" SELinux from "NSA SELinux" to simply "SELinux". We've come a long way from the original NSA submission and I would consider SELinux a true community project at this point so removing the NSA branding just makes sense.

The patch that strips out the "NSA" references from the SELinux code and Kconfig text adds:
Change "NSA SELinux" to just "SELinux" in Kconfig help text and comments. While NSA was the original primary developer and continues to help maintain SELinux, SELinux has long since transitioned to a wide community of developers and maintainers. SELinux has been part of the mainline Linux kernel for nearly 20 years now and has received
contributions from many individuals and organizations.

So with Linux 6.6 and after about two decades of being inside the kernel, there are no longer any NSA SELinux references.
53 Comments
Related News
OpenPaX Announced As "Open-Source Alternative To GrSecurity" With Free Kernel Patch
Unauthenticated RCE Flaw With CVSS 9.9 Rating For Linux Systems Affects CUPS
Landlock Sandboxing Now Supports More Controls Around Unix Sockets
Linux 6.12 Adds Build Options For Greater Control Over CPU Security Mitigations
Linux 6.12 Landing Integrity Policy Enforcement "IPE" Module
AMD Engineer Proposes "Attack Vector Controls" To Rethink CPU Security Mitigation Handling
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Linus Torvalds Lands A 2.6% Performance Improvement With Minor Linux Kernel Patch
VMware Workstation Shifting From Proprietary Code To Using Upstream KVM
Intel Spots A 3888.9% Performance Improvement In The Linux Kernel From One Line Of Code
Rust-Based Redox OS Gets RISC-V Working, Also Now Booting On The Raspberry Pi 4
Ubuntu Hoping To Remove Qt 5 Before Ubuntu 26.04 LTS
Valve Engineer Fixes Massive Performance Issue For RADV Driver With AMD FSR2 Sample
KDE Will Nicely Notify You When Apps Are Being Killed Due To Out-Of-Memory
Ubuntu's Great Mainline Kernel PPA Hasn't Been Working Since Mid-September