[ale] October meeting topic - SELinux
Geoffrey
lists at serioustechnology.com
Thu Aug 26 07:13:53 EDT 2010
Greg Clifton wrote:
> Maybe rings on his toes?
I'm thinking the bells are on the toes and rings are on fingers?
>
> On Wed, Aug 25, 2010 at 4:12 PM, Jim Kinney <jim.kinney at gmail.com
> <mailto:jim.kinney at gmail.com>> wrote:
>
> hopefully the bells will be joined with other attire.
>
> On Wed, Aug 25, 2010 at 3:29 PM, Richard Faulkner
> <rfaulkner at 34thprs.org <mailto:rfaulkner at 34thprs.org>> wrote:
>
> I second that on "anything" that could be covered in 90-120
> minutes. I know "zilch"
> about SELinux so have a fertile mind for new information on the
> topic. I would be
> there with bells on....
>
> Rich in Lilburn
>
>
>
> -----Original Message-----
> *From*: Michael B. Trausch <mike at trausch.us
> <mailto:%22Michael%20B.%20Trausch%22%20%3cmike at trausch.us%3e>>
> *Reply-to*: Atlanta Linux Enthusiasts - Yes! We run Linux!
> <ale at ale.org <mailto:ale at ale.org>>
> *To*: Atlanta Linux Enthusiasts - Yes! We run Linux!
> <ale at ale.org
> <mailto:Atlanta%20Linux%20Enthusiasts%20-%20Yes%21%20We%20run%20Linux%21%20%3cale at ale.org%3e>>
> *Subject*: Re: [ale] October meeting topic - SELinux
> *Date*: Tue, 24 Aug 2010 13:49:58 -0400
>
> On Tue, 2010-08-24 at 11:14 -0400, Jim Kinney wrote:
> > I have informed Aaron I will give a meeting in October on SELinux. I
> > am tinkering with SEPostgres - yes, that's SELinux extensions for
> > PostgreSQL! - and wanted a feel for interest, i.e. how far down the
> > rabbit hole should I look at for the talk?
> >
> > NOTE: My talks are notoriously long - I think the last one was 90
> > minutes - and this one will likely be no different.
> >
> > I'm looking at an overview of SELinux and how to work with it, uses of
> > the multi-level, multi-category security model (much more than the
> > "strict" mode) and a practical example of a database using it natively
> > (along with the process of patch -n- build, etc).
>
> I, for one, would be interested in anything that you can reasonably
> cover in a 90 to 120 minute window, even if I have to read 120,000 words
> of text afterwards to understand it all. :-)
>
> That said, here are a few things that I can think of that I would like
> to know:
>
> * WRT implementing SELinux on an existing system, is there some method
> of determining what rules would be good to implement by scanning the
> system?
> * Is there a method of remote management of SELinux rules?
> * Can it do things like require that a cryptographic key is used to
> access a system over a username and password, particularly for
> privileged operations?
> * Along the same lines as the last question, how high-level can
> SELinux requirements get?
> * Is it worthwhile for use in a small network (< 5 servers)?
> * Is it useful inside of virtual machines (for example, are there
> SELinux "namespaces" that can be used inside of something like LXC
> so that all that has to happen for SELinux to work in the containers
> is to have the SELinux modules loaded on the host?
> * Assuming that the last question is answered in the affirmative,
> is it also possible to have SELinux used on the host to do something
> like say "VMs can do whatever, bound by their own SELinux policies,
> as long as they don't break out into the host system?"
>
> I could probably ask 100 questions, but these are the biggest ones that
> I can think of that I would like answers to (or pointers to answers to).
>
> --- Mike
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org <mailto:Ale at ale.org>
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org <mailto:Ale at ale.org>
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
>
>
> --
> --
> James P. Kinney III
> I would rather stumble along in freedom than walk effortlessly in
> chains.
>
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org <mailto:Ale at ale.org>
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
--
Until later, Geoffrey
"I predict future happiness for America if they can prevent
the government from wasting the labors of the people under
the pretense of taking care of them."
- Thomas Jefferson
More information about the Ale
mailing list