[ale] October meeting topic - SELinux

Jim Kinney jim.kinney at gmail.com
Wed Aug 25 16:41:47 EDT 2010 

um. I was hoping for something a bit more opaque .

On Wed, Aug 25, 2010 at 4:21 PM, Greg Clifton <gccfof5 at gmail.com> wrote:

> Maybe rings on his toes?
>
>
> On Wed, Aug 25, 2010 at 4:12 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
>
>> hopefully the bells will be joined with other attire.
>>
>> On Wed, Aug 25, 2010 at 3:29 PM, Richard Faulkner <rfaulkner at 34thprs.org>wrote:
>>
>>>  I second that on "anything" that could be covered in 90-120 minutes.  I
>>> know "zilch"
>>> about SELinux so have a fertile mind for new information on the topic.  I
>>> would be
>>> there with bells on....
>>>
>>> Rich in Lilburn
>>>
>>>
>>>
>>> -----Original Message-----
>>> *From*: Michael B. Trausch <mike at trausch.us<%22Michael%20B.%20Trausch%22%20%3cmike at trausch.us%3e>
>>> >
>>> *Reply-to*: Atlanta Linux Enthusiasts - Yes! We run Linux! <ale at ale.org>
>>> *To*: Atlanta Linux Enthusiasts - Yes! We run Linux! <ale at ale.org<Atlanta%20Linux%20Enthusiasts%20-%20Yes%21%20We%20run%20Linux%21%20%3cale at ale.org%3e>
>>> >
>>> *Subject*: Re: [ale] October meeting topic - SELinux
>>> *Date*: Tue, 24 Aug 2010 13:49:58 -0400
>>>
>>> On Tue, 2010-08-24 at 11:14 -0400, Jim Kinney wrote:
>>> > I have informed Aaron I will give a meeting in October on SELinux. I
>>> > am tinkering with SEPostgres - yes, that's SELinux extensions for
>>> > PostgreSQL! - and wanted a feel for interest, i.e. how far down the
>>> > rabbit hole should I look at for the talk?
>>> >
>>> > NOTE: My talks are notoriously long - I think the last one was 90
>>> > minutes - and this one will likely be no different.
>>> >
>>> > I'm looking at an overview of SELinux and how to work with it, uses of
>>> > the multi-level, multi-category security model (much more than the
>>> > "strict" mode) and a practical example of a database using it natively
>>> > (along with the process of patch -n- build, etc).
>>>
>>> I, for one, would be interested in anything that you can reasonably
>>> cover in a 90 to 120 minute window, even if I have to read 120,000 words
>>> of text afterwards to understand it all.  :-)
>>>
>>> That said, here are a few things that I can think of that I would like
>>> to know:
>>>
>>>   * WRT implementing SELinux on an existing system, is there some method
>>>     of determining what rules would be good to implement by scanning the
>>>     system?
>>>   * Is there a method of remote management of SELinux rules?
>>>   * Can it do things like require that a cryptographic key is used to
>>>     access a system over a username and password, particularly for
>>>     privileged operations?
>>>   * Along the same lines as the last question, how high-level can
>>>     SELinux requirements get?
>>>   * Is it worthwhile for use in a small network (< 5 servers)?
>>>   * Is it useful inside of virtual machines (for example, are there
>>>     SELinux "namespaces" that can be used inside of something like LXC
>>>     so that all that has to happen for SELinux to work in the containers
>>>     is to have the SELinux modules loaded on the host?
>>>   * Assuming that the last question is answered in the affirmative,
>>>     is it also possible to have SELinux used on the host to do something
>>>     like say "VMs can do whatever, bound by their own SELinux policies,
>>>     as long as they don't break out into the host system?"
>>>
>>> I could probably ask 100 questions, but these are the biggest ones that
>>> I can think of that I would like answers to (or pointers to answers to).
>>>
>>> 	--- Mike
>>>
>>> _______________________________________________
>>> Ale mailing listAle at ale.orghttp://mail.ale.org/mailman/listinfo/ale
>>> See JOBS, ANNOUNCE and SCHOOLS lists athttp://mail.ale.org/mailman/listinfo
>>>
>>>
>>>
>>> _______________________________________________
>>> Ale mailing list
>>> Ale at ale.org
>>> http://mail.ale.org/mailman/listinfo/ale
>>> See JOBS, ANNOUNCE and SCHOOLS lists at
>>> http://mail.ale.org/mailman/listinfo
>>>
>>>
>>
>>
>> --
>> --
>> James P. Kinney III
>> I would rather stumble along in freedom than walk effortlessly in chains.
>>
>>
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> http://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo
>>
>>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>


-- 
-- 
James P. Kinney III
I would rather stumble along in freedom than walk effortlessly in chains.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20100825/7951caa4/attachment.html

More information about the Ale mailing list