[ale] October meeting topic - SELinux

Jim Kinney jim.kinney at gmail.com
Wed Aug 25 16:12:18 EDT 2010 

hopefully the bells will be joined with other attire.

On Wed, Aug 25, 2010 at 3:29 PM, Richard Faulkner <rfaulkner at 34thprs.org>wrote:

>  I second that on "anything" that could be covered in 90-120 minutes.  I
> know "zilch"
> about SELinux so have a fertile mind for new information on the topic.  I
> would be
> there with bells on....
>
> Rich in Lilburn
>
>
>
> -----Original Message-----
> *From*: Michael B. Trausch <mike at trausch.us<%22Michael%20B.%20Trausch%22%20%3cmike at trausch.us%3e>
> >
> *Reply-to*: Atlanta Linux Enthusiasts - Yes! We run Linux! <ale at ale.org>
> *To*: Atlanta Linux Enthusiasts - Yes! We run Linux! <ale at ale.org<Atlanta%20Linux%20Enthusiasts%20-%20Yes%21%20We%20run%20Linux%21%20%3cale at ale.org%3e>
> >
> *Subject*: Re: [ale] October meeting topic - SELinux
> *Date*: Tue, 24 Aug 2010 13:49:58 -0400
>
> On Tue, 2010-08-24 at 11:14 -0400, Jim Kinney wrote:
> > I have informed Aaron I will give a meeting in October on SELinux. I
> > am tinkering with SEPostgres - yes, that's SELinux extensions for
> > PostgreSQL! - and wanted a feel for interest, i.e. how far down the
> > rabbit hole should I look at for the talk?
> >
> > NOTE: My talks are notoriously long - I think the last one was 90
> > minutes - and this one will likely be no different.
> >
> > I'm looking at an overview of SELinux and how to work with it, uses of
> > the multi-level, multi-category security model (much more than the
> > "strict" mode) and a practical example of a database using it natively
> > (along with the process of patch -n- build, etc).
>
> I, for one, would be interested in anything that you can reasonably
> cover in a 90 to 120 minute window, even if I have to read 120,000 words
> of text afterwards to understand it all.  :-)
>
> That said, here are a few things that I can think of that I would like
> to know:
>
>   * WRT implementing SELinux on an existing system, is there some method
>     of determining what rules would be good to implement by scanning the
>     system?
>   * Is there a method of remote management of SELinux rules?
>   * Can it do things like require that a cryptographic key is used to
>     access a system over a username and password, particularly for
>     privileged operations?
>   * Along the same lines as the last question, how high-level can
>     SELinux requirements get?
>   * Is it worthwhile for use in a small network (< 5 servers)?
>   * Is it useful inside of virtual machines (for example, are there
>     SELinux "namespaces" that can be used inside of something like LXC
>     so that all that has to happen for SELinux to work in the containers
>     is to have the SELinux modules loaded on the host?
>   * Assuming that the last question is answered in the affirmative,
>     is it also possible to have SELinux used on the host to do something
>     like say "VMs can do whatever, bound by their own SELinux policies,
>     as long as they don't break out into the host system?"
>
> I could probably ask 100 questions, but these are the biggest ones that
> I can think of that I would like answers to (or pointers to answers to).
>
> 	--- Mike
>
> _______________________________________________
> Ale mailing listAle at ale.orghttp://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists athttp://mail.ale.org/mailman/listinfo
>
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>


-- 
-- 
James P. Kinney III
I would rather stumble along in freedom than walk effortlessly in chains.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20100825/66cf1338/attachment-0001.html

More information about the Ale mailing list