[ale] October meeting topic - SELinux

Richard Faulkner rfaulkner at 34thprs.org
Wed Aug 25 15:29:02 EDT 2010


I second that on "anything" that could be covered in 90-120 minutes.  I
know "zilch" about SELinux so have a fertile mind for new information on
the topic.  I would be there with bells on....

Rich in Lilburn


-----Original Message-----
From: Michael B. Trausch <mike at trausch.us>
Reply-to: Atlanta Linux Enthusiasts - Yes! We run Linux! <ale at ale.org>
To: Atlanta Linux Enthusiasts - Yes! We run Linux! <ale at ale.org>
Subject: Re: [ale] October meeting topic - SELinux
Date: Tue, 24 Aug 2010 13:49:58 -0400


On Tue, 2010-08-24 at 11:14 -0400, Jim Kinney wrote:
> I have informed Aaron I will give a meeting in October on SELinux. I
> am tinkering with SEPostgres - yes, that's SELinux extensions for
> PostgreSQL! - and wanted a feel for interest, i.e. how far down the
> rabbit hole should I look at for the talk?
> 
> NOTE: My talks are notoriously long - I think the last one was 90
> minutes - and this one will likely be no different. 
> 
> I'm looking at an overview of SELinux and how to work with it, uses of
> the multi-level, multi-category security model (much more than the
> "strict" mode) and a practical example of a database using it natively
> (along with the process of patch -n- build, etc). 

I, for one, would be interested in anything that you can reasonably
cover in a 90 to 120 minute window, even if I have to read 120,000 words
of text afterwards to understand it all.  :-)

That said, here are a few things that I can think of that I would like
to know:

  * WRT implementing SELinux on an existing system, is there some method
    of determining what rules would be good to implement by scanning the
    system?
  * Is there a method of remote management of SELinux rules?
  * Can it do things like require that a cryptographic key is used to
    access a system over a username and password, particularly for
    privileged operations?
  * Along the same lines as the last question, how high-level can
    SELinux requirements get?
  * Is it worthwhile for use in a small network (< 5 servers)?
  * Is it useful inside of virtual machines (for example, are there
    SELinux "namespaces" that can be used inside of something like LXC
    so that all that has to happen for SELinux to work in the containers
    is to have the SELinux modules loaded on the host)?
  * Assuming that the last question is answered in the affirmative,
    is it also possible to have SELinux used on the host to do something
    like say "VMs can do whatever, bound by their own SELinux policies,
    as long as they don't break out into the host system?"

I could probably ask 100 questions, but these are the biggest ones that
I can think of that I would like answers to (or pointers to answers to).

	--- Mike
