DOCSLIB.ORG

Analyzing Integrity Protection in the Selinux Example Policy

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Analyzing Integrity Protection in the Selinux Example Policy Analyzing Integrity Protection in the SELinux Example Policy Trent Jaeger Reiner Sailer Xiaolan Zhang IBM T. J. Watson Research Center Hawthorne, NY 10532 USA Email: jaegert,sailer,cxzhang ¡ @us.ibm.com Abstract stallations). Recent efforts at MAC systems use flexible access control models to achieve convenient use (e.g., In this paper, we present an approach for analyzing DTOS, Flask [17, 21], etc.), but demonstrating that par- the integrity protection in the SELinux example policy. ticular security goals have been met is more difficult The SELinux example policy is intended as an exam- (and these systems have not been widely used either). ple from which administrators customize to create a pol- Flexible access control models typically result in more icy for their site’s security goals, but the complexity of complex policies, so it is more difficult to determine if the model and size of the policy make this quite com- these policies have the desired effect. plex. Our aim is to provide an access control model to express site security goals and resolve them against the The recent addition of the Linux Security Modules SELinux policy. Ultimately, we aim to define a mini- (LSM) framework [22] enables the MAC enforcement mal trusted computing base (TCB) that satisfies Clark- for the Linux kernel. The LSM framework is designed Wilson integrity, by first testing for the more restrictive to be agnostic to the MAC approach, and it has been de- Biba integrity policy and resolving conflicts using Clark- signed to support modules with flexible MAC models. Wilson semantics. Our policy analysis tool, Gokyo, im- The most comprehensive and flexible module for LSM plements the following approach: (1) it represents the is the SELinux module [18]. While SELinux supports SELinux example policy and our integrity goals; (2) it a variety of policy models itself, an extended Type En- identifies conflicts between them; (3) it estimates the res- forcement (TE) model [5] is used for most policy devel- olutions to these conflicts; and (4) provides information opment. An example policy is under development that for deciding upon a resolution. Using Gokyo, we de- consists of a set of UNIX service and application poli- rive a proposal for a minimal TCB for SELinux includes cies that each aim to ensure effective operation while 30 subject types, and we identify the work remaining preventing security vulnerabilities. The example policy to ensure that TCB is integrity-protected. Our analysis does not define a secure system, but serves as a basis for is performed on the SELinux example policy for Linux developing a secure system once the security goals are 2.4.19. defined. The extended TE model is rather complex (i.e., consists of a large number of concepts) and the SELinux example policy is large (e.g., 50,000+ policy statements in the policy.conf for Linux 2.4.19), so customiza- 1 Introduction tion of the SELinux example policy to a policy that guar- antees satisfaction of system security goals is an arduous and error-prone task. A goal for many years has been effective mandatory ac- cess control (MAC) for UNIX systems. By an effec- While the use of a simpler access control model might tive MAC system, we envision that system administra- make it easier to ensure that security goals are met, tors can define access control policies that guarantee site we believe that this would result in applications fail- security goals while enabling the convenient execution ing to run conveniently, and ultimately, the circumven- of applications. Early MAC policies, such as the Bell- tion of these security goals. The comprehensive na- LaPadula secrecy policy [2] and the Biba integrity pol- ture of the SELinux policy model enables flexible trade- icy [4], defined clear security goals, but were too restric- off between application and security goals. For exam- tive for convenient use for UNIX applications. Commer- ple, the SELinux example policy itself is developed by cial operating systems that were extended to meet Or- proposing application policies and refining them based ange Book B1 (i.e., MAC plus other features) were not on the policy violations that may be generated. Thus, broadly applied (i.e., mainly aimed at government in- the SELinux example policy itself is a direct result of we present related work, and we conclude in Section 6. making these trade-offs. The question is whether a manageable set of effec- tive security goals can be described and verified for 2 SELinux Security Goals SELinux policies. Obviously, it is highly unlikely that the SELinux example policy adheres to a simple high- 2.1 SELinux Policy Model level policy, such as the two-level integrity model of LOMAC [9]. However, the policy may be sufficiently While SELinux supports a variety of access control pol- close to such a policy that the conflicts can be managed icy models [21], the main focus of SELinux policy de- (i.e., either a small number or a small number of equiv- velopment has been an extended Type Enforcement (TE) alence classes). If so, then verification may be possible model [1, 5, 20]. In this section, we provide a brief by verifying the general goals and using ad hoc tech- overview of the SELinux policy model concepts, focus- niques to resolve the conflicts. We have found that this ing only on the concepts that are relevant to the analysis approach holds some promise for application policies, that we perform. A number of other concepts are repre- in particular the Apache administrator [12], but do not sented in the SELinux extended TE model, such as roles know whether this can work for the trusted computing and identity descriptors, that we do not cover here. A de- base (TCB) subjects in the SELinux policy. Obviously, tailed description of the SELinux policy model is given if we cannot prove that the TCB is integrity-protected, elsewhere [20]. its system cannot be considered secure. The traditional TE model has subject types (e.g., pro- In this paper, we propose a near-minimal TCB for cesses) and object types (e.g., files, sockets, etc.), and ac- SELinux systems and examine how to verify that this cess control is represented by the permissions of the sub- TCB is integrity-protected. First, we define integrity ject types to the object types. In SELinux, the distinction relationships between the TCB subject types and less between subject and object types has been dropped, so trusted system and application subject types. Second, there is only one set of types that are object types and we input these constraints into our policy analysis tool, may also act as subject types. called Gokyo [12], and identify integrity conflicts be- tween the TCB and the system. The Gokyo tool enables The SELinux extended TE model is shown in Figure 1. flexible expression of conflict sets and their resolution, All objects are labeled with a type. All objects are an in- so our next goal is to determine what resolutions appear stance of a particular class (i.e., data type) which has its feasible for TCB integrity conflicts. Using Gokyo, we own set of operations. A permission associates a type, a classify conflicts into classes based on their likely res- class, and an operation set (a subset of the class’s opera- olution. Since most resolutions depend on ad hoc in- tions). Thus, permissions associated with SELinux types formation, it is still a manual process to complete the can be applied independently to different classes. For analysis. Using Gokyo, we identify a minimal TCB for example, different rights can be granted to a user’s files the SELinux example policy of 30 subject types, half of than to their directories. In fact, since the objects are of which are infrequently-used administration subjects. To different classes, they have different operations. Should use this TCB, 5 sanitization problems must be solved, the administrator want to give different access rights to but we believe that most can be addressed in practice, two objects of the same class, then these objects must including the use of Gokyo itself to manage the broad belong to different types. file access rights currently granted to trusted subjects. Ultimately, Gokyo is useful in identifying problems in Permission for a (subject) type to perform operations on meeting security goals, classifying these problems, and a(n) (object) type are granted by the allow statement. providing information for resolving them. Any element of the permission relationship can be ex- pressed using this statement, so the expression of least The paper is structured as follows. In Section 2, we ex- privilege rights is possible. The dontaudit statement pro- amine the SELinux extended Type Enforcement model vides a variation on the basic permission assignment. and outline our site security goals for that model, in- A combination of allow statements result in a union of tegrity protection of a minimal trusted computing base. the rights specified, whereas a combination of dontau- In Section 3 we describe our approach to resolving a pol- dit statements on the same type pair and class are inter- icy against our integrity protection requirements. In Sec- sected. tion 4, we detail the implementation of our analysis us- ing Gokyo and present our analysis results. In Section 5, In addition, the extended TE model also has type at- (Object) label Type Object auditallow or allow (union) (Subject) instance-of Class Permission Type dontaudit(intersection) Operation Set Figure 1: SELinux extended Type Enforcement (TE) policy model basics. tributes that represent a set of types (i.e., all the types SELinux extended TE model also includes a large num- with that attribute assigned).
Load more

Recommended publications
  • Timesys Linux Install HOWTO
    TimeSys Linux Install HOWTO Trevor Harmon <[email protected]> 2005−04−05 Revision History Revision 1.0 2005−04−05 Revised by: TH first official release This document is a quick−start guide for installing TimeSys Linux on a typical desktop workstation. TimeSys Linux Install HOWTO Table of Contents 1. Introduction.....................................................................................................................................................1 1.1. Background.......................................................................................................................................1 1.2. Copyright and License......................................................................................................................1 1.3. Disclaimer.........................................................................................................................................2 1.4. Feedback...........................................................................................................................................2 2. Requirements...................................................................................................................................................3 3. Install the packages.........................................................................................................................................4 4. Prepare the source directories.......................................................................................................................5 5. Configure
    [Show full text]
  • The Linux Device File-System
    The Linux Device File-System Richard Gooch EMC Corporation [email protected] Abstract 1 Introduction All Unix systems provide access to hardware via de- vice drivers. These drivers need to provide entry points for user-space applications and system tools to access the hardware. Following the \everything is a file” philosophy of Unix, these entry points are ex- posed in the file name-space, and are called \device The Device File-System (devfs) provides a power- special files” or \device nodes". ful new device management mechanism for Linux. Unlike other existing and proposed device manage- This paper discusses how these device nodes are cre- ment schemes, it is powerful, flexible, scalable and ated and managed in conventional Unix systems and efficient. the limitations this scheme imposes. An alternative mechanism is then presented. It is an alternative to conventional disc-based char- acter and block special devices. Kernel device drivers can register devices by name rather than de- vice numbers, and these device entries will appear in the file-system automatically. 1.1 Device numbers Devfs provides an immediate benefit to system ad- ministrators, as it implements a device naming scheme which is more convenient for large systems Conventional Unix systems have the concept of a (providing a topology-based name-space) and small \device number". Each instance of a driver and systems (via a device-class based name-space) alike. hardware component is assigned a unique device number. Within the kernel, this device number is Device driver authors can benefit from devfs by used to refer to the hardware and driver instance.
    [Show full text]
  • Implantación De Linux Sobre Microcontroladores
    Embedded Linux system development Embedded Linux system development DSI Embedded Linux Free Electrons Developers © Copyright 2004-2018, Free Electrons. Creative Commons BY-SA 3.0 license. Latest update: March 14, 2018. Document updates and sources: http://free-electrons.com/doc/training/embedded-linux Corrections, suggestions, contributions and translations are welcome! DSI - FCEIA http://dsi.fceia.unr.edu.ar 1/263 Derechos de copia © Copyright 2018, Luciano Diamand Licencia: Creative Commons Attribution - Share Alike 3.0 http://creativecommons.org/licenses/by-sa/3.0/legalcode Ud es libre de: I copiar, distribuir, mostrar y realizar el trabajo I hacer trabajos derivados I hacer uso comercial del trabajo Bajo las siguientes condiciones: I Atribuci´on. Debes darle el cr´editoal autor original. I Compartir por igual. Si altera, transforma o construye sobre este trabajo, usted puede distribuir el trabajo resultante solamente bajo una licencia id´enticaa ´esta. I Para cualquier reutilizaci´ono distribuci´on,debe dejar claro a otros los t´erminos de la licencia de este trabajo. I Se puede renunciar a cualquiera de estas condiciones si usted consigue el permiso del titular de los derechos de autor. El uso justo y otros derechos no se ven afectados por lo anterior. DSI - FCEIA http://dsi.fceia.unr.edu.ar 2/263 Hiperv´ınculosen el documento Hay muchos hiperv´ınculosen el documento I Hiperv´ıncluosregulares: http://kernel.org/ I Enlaces a la documentaci´ondel Kernel: Documentation/kmemcheck.txt I Enlaces a los archivos fuente y directorios del kernel: drivers/input include/linux/fb.h I Enlaces a declaraciones, definiciones e instancias de los simbolos del kernel (funciones, tipos, datos, estructuras): platform_get_irq() GFP_KERNEL struct file_operations DSI - FCEIA http://dsi.fceia.unr.edu.ar 3/263 Introducci´ona Linux Embebido Introducci´ona DSI Linux Embebido Embedded Linux Developers Free Electrons © Copyright 2004-2018, Free Electrons.
    [Show full text]
  • Linux Fast-STREAMS Installation and Reference Manual Version 0.9.2 Edition 4 Updated 2008-10-31 Package Streams-0.9.2.4
    Linux Fast-STREAMS Installation and Reference Manual Version 0.9.2 Edition 4 Updated 2008-10-31 Package streams-0.9.2.4 Brian Bidulock <[email protected]> for The OpenSS7 Project <http://www.openss7.org/> Copyright c 2001-2008 OpenSS7 Corporation <http://www.openss7.com/> Copyright c 1997-2000 Brian F. G. Bidulock <[email protected]> All Rights Reserved. Published by OpenSS7 Corporation 1469 Jefferys Crescent Edmonton, Alberta T6L 6T1 Canada This is texinfo edition 4 of the Linux Fast-STREAMS manual, and is consistent with streams 0.9.2. This manual was developed under the OpenSS7 Project and was funded in part by OpenSS7 Corporation. Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are preserved on all copies. Permission is granted to copy and distribute modified versions of this manual under the con- ditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. Permission is granted to copy and distribute translations of this manual into another lan- guage, under the same conditions as for modified versions. i Short Contents Preface ::::::::::::::::::::::::::::::::::::::::::::::::: 1 Quick Start Guide :::::::::::::::::::::::::::::::::::::::: 9 1 Introduction :::::::::::::::::::::::::::::::::::::::: 15 2 Objective ::::::::::::::::::::::::::::::::::::::::::: 17 3 Reference ::::::::::::::::::::::::::::::::::::::::::: 21 4 Development ::::::::::::::::::::::::::::::::::::::::
    [Show full text]
  • Linux 2.5 Kernel Developers Summit
    conference reports This issue’s reports are on the Linux 2.5 Linux 2.5 Kernel Developers Linux development, but I certainly Kernel Developers Summit Summit thought that, in all of this time, someone would have brought this group together OUR THANKS TO THE SUMMARIZER: SAN JOSE, CALIFORNIA before. Rik Farrow, with thanks to La Monte MARCH 30-31, 2001 Yarroll and Chris Mason for sharing their Summarized by Rik Farrow Another difference appeared when the notes. first session started on Friday morning. The purpose of this workshop was to The conference room was set up with cir- provide a forum for discussion of cular tables, each with power strips for changes to be made in the 2.5 release of For additional information on the Linux laptops, and only a few attendees were Linux (a trademark of Linus Torvalds). I not using a laptop. USENIX had pro- 2.5 Kernel Developers Summit, see the assume that many people reading this vided Aeronet wireless setup via the following sites: will be familiar with Linux, and I will hotel’s T1 link, and people were busy <http://lwn.net/2001/features/KernelSummit/> attempt to explain things that might be typing and compiling. Chris Mason of unfamiliar to others. That said, the odd- <http://cgi.zdnet.com/slink?91362:12284618> OSDN noticed that Dave Miller had numbered releases, like 2.3 and now 2.5, <http://www.osdn.com/conferences/kernel/> written a utility to modulate the speed of are development releases where the the CPU fans based upon the tempera- intent is to try out new features or make ture reading from his motherboard.
    [Show full text]
  • CRUX Handbook RELEASE 2.0 CRUX Handbook: RELEASE 2.0
    CRUX Handbook RELEASE 2.0 CRUX Handbook: RELEASE 2.0 Published 2004-06-01 Copyright © 2001, 2002, 2003, 2004 Per Lidén [mailto:[email protected]] This handbook covers the installation, configuration and administration of CRUX. Please note that this hand- book only covers topics that are specific to CRUX [http://crux.nu/]. For further information about Linux see the Linux Documentation Project [http://www.tldp.org/]. Table of Contents Preface...................................................................................................................................5 1.Introduction .........................................................................................................................1 1.1.WhatisCRUX? ......................................................................................................... 1 1.2. Why use CRUX? ........................................................................................................ 1 1.3.License ....................................................................................................................1 1.3.1.Packages ........................................................................................................ 1 1.3.2. Build Scripts ................................................................................................... 1 1.3.3. NO WARANTY .............................................................................................. 1 2. Installing CRUX ..................................................................................................................
    [Show full text]
  • Methods to Improve Bootup Time in Linux
    Methods to Improve Bootup Time in Linux Tim Bird Sony Electronics Bootup Time Working Group Chair CE Linux Forum July 21, 2004 Ottawa Linux Symposium 1 Overview Characterization of the problem space Current reduction techniques Work in progress Resources July 21, 2004 Ottawa Linux Symposium 2 Characterizing the Problem Space July 21, 2004 Ottawa Linux Symposium 3 The Problem Linux doesn’t boot very fast Current Linux desktop systems take about 90- 120 seconds to boot Most CE products must be ready for operation within seconds of boot CELF requirements: boot kernel in 500 milliseconds first available for use in 1 second July 21, 2004 Ottawa Linux Symposium 4 Boot Process Overview 1. power on 2. firmware (boot loader) starts 3. kernel decompression starts 4. kernel start 5. user space start 6. RC script start 7. application start 8. first available use July 21, 2004 Ottawa Linux Symposium 5 Delay Areas Major delay areas in startup: Firmware Kernel/driver initialization User space initialization RC Scripts Application startup July 21, 2004 Ottawa Linux Symposium 6 Overview of delays (on a sample desktop system) Startup Area Delay Firmware 15 seconds Kernel/driver initialization 7 seconds RC scripts 35 seconds X initialization 9 seconds Graphical Environment start 45 seconds Total: 111 seconds For laptop with Pentium III at 600 MHZ July 21, 2004 Ottawa Linux Symposium 7 Firmware July 21, 2004 Ottawa Linux Symposium 8 Firmware/Pre-kernel delays X86 firmware (BIOS) is notorious for superfluous delays (memory checking, hardware probing, etc.)
    [Show full text]
  • PCAN-Driver for Linux
    PCAN-driver for Linux Copyright (C) 2002 -2005 Peak System-Technik GmbH www.peak-system.com [email protected] and Klaus Hitschler [email protected] PCAN-driver for Linux page 1 of 20 History of the document first draft Hi 13.01.2002 rescue after loss of data Hi 10.02.2002 format revision, read/write tables Hi 20.02.2002 delete typographic mistakes Hi 21.02.2002 PCAN-USB integrated Hi 09.02.2003 obfuscation of „pcan_usb_kernel.c“ is described Hi 23.02.2003 devfs, kernel-2.5 support, LGPL Hi 04.08.2003 1st revision for kernel 2.6.x Hi 02.05.2004 enlarge FAQ, corrections Hi 13.05.2004 simple correction for RPM make procedure Hi 14.08.2004 additional compiler switches Hi 19.07.2005 PCAN-driver for Linux page 2 of 20 table of documents Disclaimer..........................................................................................................................4 Characteristics of the 'pcan.o' or 'pcan.ko' driver..............................................................4 Characteristics of the 'libpcan.so' library...........................................................................5 Preliminary notes...............................................................................................................5 Installation with RPM.........................................................................................................6 Installation of source RPM........................................................................................6 Customization of 'modules.conf' or 'modprobe.conf'.................................................7
    [Show full text]
  • EVMS User Guide
    EVMS User Guide Joy Goodreau IBM Kylie Smith IBM Christine Lorenz IBM Copyright © 2003 IBM March 31, 2003 Special Notices The following terms are registered trademarks of International Business Machines corporation in the United States and/or other countries: AIX, OS/2, System/390. A full list of U.S. trademarks owned by IBM may be found at http://www.ibm.com/legal/copytrade.shtml. Intel is a trademark or registered trademark of Intel Corporation in the United States, other countries, or both. Windows is a trademark of Microsoft Corporation in the United States, other countries, or both. Linux is a trademark of Linus Torvalds. Other company, product, and service names may be trademarks or service marks of others. UNIX is a registered trademark of The Open Group in the United States and other countries. This document is provided "AS IS," with no express or implied warranties. Use the information in this document at your own risk. License Information This document may be reproduced or distributed in any form without prior permission provided the copyright notice is retained on all copies. Modified versions of this document may be freely distributed provided that they are clearly identified as such, and this copyright is included intact. EVMS User Guide Table of Contents Preface..................................................................................................................................................................1 Chapter 1. What is EVMS?................................................................................................................................3
    [Show full text]
  • Reducing Startup Time in Embedded Linux Systems
    Reducing Startup Time in Embedded Linux Systems Tim Bird Chair – Bootup Times Working Group CE Linux Forum December, 2003 Copyright 2003, CE Linux Forum 1 Member Companies Overview • Characterization of the problem space • Current reduction techniques • Work in progress • CE Linux Forum December, 2003 Copyright 2003, CE Linux Forum 2 Member Companies Characterizing the Problem Space December, 2003 Copyright 2003, CE Linux Forum 3 Member Companies The Problem • Linux doesn’t boot very fast – Current Linux desktop systems take about 90-120 seconds to boot • This is clearly not suitable for consumer electronics products December, 2003 Copyright 2003, CE Linux Forum 4 Member Companies Delay Taxonomy • Major delay areas in startup: – Firmware – Kernel/driver initialization – User space initialization – Application startup • Scope of problem – Device-specific – Systemic December, 2003 Copyright 2003, CE Linux Forum 5 Member Companies Overview of delays Startup Area Delay Firmware 15 seconds Kernel/ driver initialization 9 seconds RC scripts 35 seconds X initialization 9 seconds Graphical Environment start 45 seconds Total: 113 seconds For laptop with Pentium III at 600 MHZ December, 2003 Copyright 2003, CE Linux Forum 6 Member Companies Firmware delays • X86 firmware (BIOS) is notorious for superfluous delays (memory checking, hardware probing, etc.) – Many of these operations are duplicated by the kernel when it starts • Large delay for spinup of hard drive • Delay to load and decompress kernel December, 2003 Copyright 2003, CE Linux Forum 7 Member Companies Typical HD Time-to-Ready Brand Size Time to Ready Maxtor 3.5” 7.5 seconds Seagate 3.5” 6.5 - 10 seconds * Hitachi 3.5” 6 - 10 seconds * Hitachi 2.5” 4 - 5 seconds Toshiba 2.5” 4 seconds Hitachi 1.0” 1 - 1.5 seconds microdrive * Depends on number of platters During retries, these times can be extended by tens of seconds, but this is rare.
    [Show full text]
  • Silicon Graphics Visual Workstation Environment (VWE) Start Here
    Silicon Graphics Visual Workstation Environment (VWE) Start Here 007-4203-002 COPYRIGHT © 2000 Silicon Graphics, Inc. All rights reserved; provided portions may be copyright in third parties, as indicated elsewhere herein. No permission is granted to copy, distribute, or create derivative works from the contents of this electronic documentation in any manner, in whole or in part, without the prior written permission of Silicon Graphics, Inc. LIMITED RIGHTS LEGEND The electronic (software) version of this document was developed at private expense; if acquired under an agreement with the USA government or any contractor thereto, it is acquired as “commercial computer software” subject to the provisions of its applicable license agreement, as specified in (a) 48 CFR 12.212 of the FAR; or, if acquired for Department of Defense units, (b) 48 CFR 227-7202 of the DoD FAR Supplement; or sections succeeding thereto. Contractor/manufacturer is Silicon Graphics, Inc., 1600 Amphitheatre Pkwy 2E, Mountain View, CA 94043-1351. TRADEMARKS AND ATTRIBUTIONS Silicon Graphics, IRIS, IRIX, and OpenGL are registered trademarks, and SGI, the SGI logo, IRIS Performer, Open Inventor, and VPro are trademarks of Silicon Graphics, Inc. Adaptec is a trademark of Adaptec, Inc. Cisco is a trademark of Cisco Systems, Inc. Intel is a registered trademark of Intel Corporation. Linux is a registered trademark of Linus Torvalds, used with permission by Silicon Graphics, Inc. Mylex is a trademark of International Business Machines Corporation. QLogic is a trademark of QLogic Corporation. Red Hat is a registered trademark and RPM is a trademark of Red Hat, Inc. SuSE is a trademark of SuSE Inc.
    [Show full text]
  • Systemimager® V3.0.1 Manual
    SystemImager® v3.0.1 Manual Brian Elliott Finley dann frazier Austin Gonyou Ari Jort Jason R. Mastaler Greg Pratt Ben Spade Denise Walters Curtis Zinzilieta SystemImager® v3.0.1 Manual by Brian Elliott Finley dann frazier Austin Gonyou Ari Jort Jason R. Mastaler Greg Pratt Ben Spade Denise Walters Curtis Zinzilieta Published $Date: 2003/02/19 05:58:26 $ SystemImager was created by Brian Elliott Finley, who continues to maintain it as the Sys- temImager team lead. Its initial implementation was known as Pterodactyl, which was used for software and password updates to Solaris boxes of varying hardware and OS versions across a nationwide enterprise network. Many SystemImager design decisions were based on per- ceived shortcomings in other automated install tools for systems such as Solaris, RedHat Linux, and Windows. Eventually, SystemImager evolved into the Linux-specific autoinstall and soft- ware distribution tool that it is today. Be sure to view the CREDITS file for a listing of other people who have contributed code or documentation that has been incorporated into SystemImager. Many thanks go to these peo- ple, as their relentless pursuit in the discovery bugs and the occasional code contribution are invaluable. Trademark Notices SystemImager® is a registered trademark of Brian Finley. Linux® is a registered trademark of Linus Torvalds. Debian® is a registered trademark of Software in the Public Interest, Inc. Red Hat® is a registered trademark of Red Hat, Inc. in the United States and other countries. Solaris® is a registered trademark
    [Show full text]