SELinux In Linux 6.6 Removes References To Its Origins At The US NSA

Written by Michael Larabel in Linux Security on 29 August 2023 at 09:00 PM EDT. 53 Comments
LINUX SECURITY
Security Enhanced Linux (SELinux) has been part of the mainline kernel for two decades to provide a security module implementing access control security policies and is now widely-used for enhancing the security of production Linux servers and other systems. Those that haven't been involved with Linux for a long time may be unaware that SELinux originates from the US National Security Agency (NSA). But now with Linux 6.6 the NSA references are being removed.

The United States National Security Agency worked on the original code around Security Enhanced Linux and was the primary original developer. The NSA has continued to contribute to SELinux over the years while with its increased adoption does see contributions from a wide range of individuals and organizations.

United States National Security Agency seal


With a lot of bad press for the NSA over the past decade due to various scandals, some open-source enthusiasts have questioned the NSA's involvement in SELinux and made other critical remarks. While there are NSA developers that remain involved with SELinux, beginning in Linux 6.6 the "NSA" references are being dropped -- in part to reflect that it's not an NSA-only affair.

selinux: de-brand SELinux
A portion of the patch entitled "selinux: de-brand SELinux" to remove NSA references.


The SELinux pull request was sent in today with adding a notice if virtual memory is executable by default, new network auditing helpers, various defenses improved, and more. What caught my attention with the PR was:
- Minor administrative changes

Stephen Smalley updated his email address and "debranded" SELinux from "NSA SELinux" to simply "SELinux". We've come a long way from the original NSA submission and I would consider SELinux a true community project at this point so removing the NSA branding just makes sense.

The patch that strips out the "NSA" references from the SELinux code and Kconfig text adds:
Change "NSA SELinux" to just "SELinux" in Kconfig help text and comments. While NSA was the original primary developer and continues to help maintain SELinux, SELinux has long since transitioned to a wide community of developers and maintainers. SELinux has been part of the mainline Linux kernel for nearly 20 years now and has received
contributions from many individuals and organizations.

So with Linux 6.6 and after about two decades of being inside the kernel, there are no longer any NSA SELinux references.
53 Comments
Related News
Linux BHI Mitigation Being Tweaked Following 12% Database Performance Hit
Linux 6.9-rc4 To Bring New Fixes For x86 Speculation Mitigations
Linux Kernel Patched For Branch History Injection "BHI" Intel CPU Vulnerability
GitHub Disables The XZ Repository Following Today's Malicious Disclosure
XZ Struck By Malicious Code That Could Allow Unauthorized Remote System Access
Linux 6.9 Sees Further Security Hardening
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Rust-Written LAVD Kernel Scheduler Shows Promising Results For Linux Gaming
Fedora Linux 40 Cleared For Release Next Week
Fedora Linux 40 Available For Download As A Wonderful Upgrade
AMD: "Additional Parts Of The Radeon Stack To Be Open Sourced Throughout The Year"
Mozilla Finally Begins Offering Firefox ARM64 Linux Binaries
Linux 6.10 Preps A Kernel Panic Screen - Sort Of A "Blue Screen of Death"
openSUSE Factory Achieves Bit-By-Bit Reproducible Builds
GNU Portability Library's Tool Rewritten In Python For 8~100x Better Performance