The Simplified Mandatory Access Control Kernel (Smack) provides a complete Linux kernel-based mechanism for protecting processes and data from inappropriate manipulation. Smack uses process, file, and network labels, combined with an easy-to-understand and easy-to-manipulate way of identifying the kinds of access that should be allowed.

Availability

As of 2.6.25 Smack is in the mainline kernel. The best place to get Smack is from the latest kernel version on The Linux Kernel Archives. There are multiple distributions (alas, I'm not at liberty to say which ones) that have begun the process of incorporating Smack. Stay tuned for announcements.

Downloads

The smack-util-0.1 tarball includes the source and source patches for the current set of Smack utilities, including the current busybox updates. The smack-util-0.1-x86 tarball includes the x86 binaries for the current set of Smack utilities, including the initial busybox. Use these binaries at your own risk. They have received some verification, and significant use, but they are not guaranteed complete.

The white paper is a work in progress. Your kind feedback is appreciated. It was last updated on March 7, 2008. The Server Guide is a discussion on how to configure servers on Smack.

View Current Packages.

Links

For more information about Smack, check out the following links.

If you'd like to join the project, please let me know: casey, here at schaufler-ca.com. There are a number of projects in networking, file systems, and applications that I would be happy to have more hands working on.

The presentation from the January 2008 linux.conf.au is an overview of Smack. The presentation from the July 2008 Ottawa Linux Symposium describes how Smack can be used in embedded systems.