On Mon, Apr 19, 2021 at 3:43 PM Ted Toth <txtoth@xxxxxxxxx> wrote: > > Having read: > https://www.redhat.com/en/about/press-releases/red-hat-adds-common-criteria-certification-red-hat-enterprise-linux-8 > and seen no mention of SELinux I/we are wondering what others are thinking/doing about the lack of certification? Are we going to have to take this on ourselves and if so what would be a good starting point (LSPP)? As a reminder, the SELinux developers list is an upstream list for the discussion and development of SELinux; it is not a distro specific list. While the general topic of security certifications such as Common Criteria can be on-topic for this list, distro specific security certifications are likely best discussed with the individual distro/vendor. Last I checked, a CC eval of a general purpose Linux distro was a rather expensive undertaking, I doubt that any of the volunteer based, non "enterprise" distros would be able to go through such a certification without some form of sponsorship or corporate backing. -- paul moore www.paul-moore.com
