[ale] October meeting topic - SELinux

Geoffrey lists at serioustechnology.com
Thu Aug 26 07:13:53 EDT 2010


Greg Clifton wrote:
> Maybe rings on his toes?

I'm thinking the bells are on the toes and rings are on fingers?

> 
> On Wed, Aug 25, 2010 at 4:12 PM, Jim Kinney <jim.kinney at gmail.com 
> <mailto:jim.kinney at gmail.com>> wrote:
> 
>     hopefully the bells will be joined with other attire.
> 
>     On Wed, Aug 25, 2010 at 3:29 PM, Richard Faulkner
>     <rfaulkner at 34thprs.org <mailto:rfaulkner at 34thprs.org>> wrote:
> 
>         I second that on "anything" that could be covered in 90-120
>         minutes.  I know "zilch"
>         about SELinux so have a fertile mind for new information on the
>         topic.  I would be
>         there with bells on....
> 
>         Rich in Lilburn
> 
> 
> 
>         -----Original Message-----
>         *From*: Michael B. Trausch <mike at trausch.us
>         <mailto:%22Michael%20B.%20Trausch%22%20%3cmike at trausch.us%3e>>
>         *Reply-to*: Atlanta Linux Enthusiasts - Yes! We run Linux!
>         <ale at ale.org <mailto:ale at ale.org>>
>         *To*: Atlanta Linux Enthusiasts - Yes! We run Linux!
>         <ale at ale.org
>         <mailto:Atlanta%20Linux%20Enthusiasts%20-%20Yes%21%20We%20run%20Linux%21%20%3cale at ale.org%3e>>
>         *Subject*: Re: [ale] October meeting topic - SELinux
>         *Date*: Tue, 24 Aug 2010 13:49:58 -0400
> 
>         On Tue, 2010-08-24 at 11:14 -0400, Jim Kinney wrote:
>         > I have informed Aaron I will give a meeting in October on SELinux. I
>         > am tinkering with SEPostgres - yes, that's SELinux extensions for
>         > PostgreSQL! - and wanted a feel for interest, i.e. how far down the
>         > rabbit hole should I look at for the talk?
>         > 
>         > NOTE: My talks are notoriously long - I think the last one was 90
>         > minutes - and this one will likely be no different. 
>         > 
>         > I'm looking at an overview of SELinux and how to work with it, uses of
>         > the multi-level, multi-category security model (much more than the
>         > "strict" mode) and a practical example of a database using it natively
>         > (along with the process of patch -n- build, etc). 
> 
>         I, for one, would be interested in anything that you can reasonably
>         cover in a 90 to 120 minute window, even if I have to read 120,000 words
>         of text afterwards to understand it all.  :-)
> 
>         That said, here are a few things that I can think of that I would like
>         to know:
> 
>           * WRT implementing SELinux on an existing system, is there some method
>             of determining what rules would be good to implement by scanning the
>             system?
>           * Is there a method of remote management of SELinux rules?
>           * Can it do things like require that a cryptographic key is used to
>             access a system over a username and password, particularly for
>             privileged operations?
>           * Along the same lines as the last question, how high-level can
>             SELinux requirements get?
>           * Is it worthwhile for use in a small network (< 5 servers)?
>           * Is it useful inside of virtual machines (for example, are there
>             SELinux "namespaces" that can be used inside of something like LXC
>             so that all that has to happen for SELinux to work in the containers
>             is to have the SELinux modules loaded on the host?
>           * Assuming that the last question is answered in the affirmative,
>             is it also possible to have SELinux used on the host to do something
>             like say "VMs can do whatever, bound by their own SELinux policies,
>             as long as they don't break out into the host system?"
> 
>         I could probably ask 100 questions, but these are the biggest ones that
>         I can think of that I would like answers to (or pointers to answers to).
> 
>         	--- Mike
> 
>         _______________________________________________
>         Ale mailing list
>         Ale at ale.org <mailto:Ale at ale.org>
>         http://mail.ale.org/mailman/listinfo/ale
>         See JOBS, ANNOUNCE and SCHOOLS lists at
>         http://mail.ale.org/mailman/listinfo
> 
> 
> 
>         _______________________________________________
>         Ale mailing list
>         Ale at ale.org <mailto:Ale at ale.org>
>         http://mail.ale.org/mailman/listinfo/ale
>         See JOBS, ANNOUNCE and SCHOOLS lists at
>         http://mail.ale.org/mailman/listinfo
> 
> 
> 
> 
>     -- 
>     -- 
>     James P. Kinney III
>     I would rather stumble along in freedom than walk effortlessly in
>     chains.
> 
> 
> 
>     _______________________________________________
>     Ale mailing list
>     Ale at ale.org <mailto:Ale at ale.org>
>     http://mail.ale.org/mailman/listinfo/ale
>     See JOBS, ANNOUNCE and SCHOOLS lists at
>     http://mail.ale.org/mailman/listinfo
> 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo


-- 
Until later, Geoffrey

"I predict future happiness for America if they can prevent
the government from wasting the labors of the people under
the pretense of taking care of them."
- Thomas Jefferson


More information about the Ale mailing list