[KLUG Members] SELinux anyone?
Adam Williams
members@kalamazoolinux.org
25 Jul 2003 09:19:37 -0400
> Is anyone using, or experimenting with, SELinux?
> http://www.nsa.gov/selinux

Played with it a bit once. The application level security is very
nice. It is woven into IPC and everything. But it can be a real
$(*&@($ to config since most apps don't expect anything like that to be
going on.

I thought SE was disbanded however? The NSA had said "No!" to Open
Source. Has this project resumed?

Also be aware that SE is a POC (proof-of-concept). It is not meant to
be actually used in any production capacity. At least that is what it
said back when I had enough spare time to look at it. The code is real
spaghetti.

> As I understand it, it's a modification to an existing Linux system (their
> site says it works with Red Hat). It Mandatory Access Control and other things
> to make a system less vulnerable.

Some MAC exists already in late 2.4, it is just poorly documented. More
exists (will exist?) in 2.6.x.

> This hearkens back to some content from the excellent presentation by Matthew
> Benjamin from The Linux Box back in January.

Matt talked about LIDS, which is a patch set meant to be used on real
systems. I've been meaning to put that (or something like it) on my
KDC/PDC but I'm waiting till 2.6.x so I don't have to do it twice.