[ale] October meeting topic - SELinux

Richard Faulkner rfaulkner at 34thprs.org
Thu Aug 26 09:00:03 EDT 2010


Ah, wandering minds...yes the bells are metaphorical (can I use a big
word this early in the morning?) and my attire is quite opaque to be
sure.  Is it live or is it Memorex?  How can you have any pudding if you
don't eat your meat?

Back on topic....

SELinux was giving me some very minor issues with regard to Chrome (or
perhaps I should state it the other way around) a while back but I
believe that updates to Chrome worked that out.  As I drive Fedora and
am planning on finishing out my home server with a Red Hat type (CentOS
or StartCom -- heck, maybe I'll even spring for the single-user license
for RH), I for one welcome the chance to get all I can on SELinux at a
meeting.  : )

Oh, and, yes...the ring is not only on my finger but in my head...as in
ringing ears.  I wish I could answer them....(hehehe)

Rich in Lilburn

-----Original Message-----
From: Geoffrey <lists at serioustechnology.com>
Reply-to: Atlanta Linux Enthusiasts - Yes! We run Linux! <ale at ale.org>
To: Atlanta Linux Enthusiasts - Yes! We run Linux! <ale at ale.org>
Subject: Re: [ale] October meeting topic - SELinux
Date: Thu, 26 Aug 2010 07:14:34 -0400


Jim Kinney wrote:
> um. I was hoping for something a bit more opaque.

REALLY BIG bells strategically placed?


> 
> On Wed, Aug 25, 2010 at 4:21 PM, Greg Clifton <gccfof5 at gmail.com> wrote:
> 
>     Maybe rings on his toes?
> 
> 
>     On Wed, Aug 25, 2010 at 4:12 PM, Jim Kinney <jim.kinney at gmail.com> wrote:
> 
>         hopefully the bells will be joined with other attire.
> 
>         On Wed, Aug 25, 2010 at 3:29 PM, Richard Faulkner
>         <rfaulkner at 34thprs.org> wrote:
> 
>             I second that on "anything" that could be covered in 90-120
>             minutes.  I know "zilch"
>             about SELinux so have a fertile mind for new information on
>             the topic.  I would be
>             there with bells on....
> 
>             Rich in Lilburn
> 
> 
> 
>             -----Original Message-----
>             *From*: Michael B. Trausch <mike at trausch.us>
>             *Reply-to*: Atlanta Linux Enthusiasts - Yes! We run Linux!
>             <ale at ale.org>
>             *To*: Atlanta Linux Enthusiasts - Yes! We run Linux!
>             <ale at ale.org>
>             *Subject*: Re: [ale] October meeting topic - SELinux
>             *Date*: Tue, 24 Aug 2010 13:49:58 -0400
> 
>             On Tue, 2010-08-24 at 11:14 -0400, Jim Kinney wrote:
>             > I have informed Aaron I will give a meeting in October on SELinux. I
>             > am tinkering with SEPostgres - yes, that's SELinux extensions for
>             > PostgreSQL! - and wanted a feel for interest, i.e. how far down the
>             > rabbit hole should I look at for the talk?
>             > 
>             > NOTE: My talks are notoriously long - I think the last one was 90
>             > minutes - and this one will likely be no different. 
>             > 
>             > I'm looking at an overview of SELinux and how to work with it, uses of
>             > the multi-level, multi-category security model (much more than the
>             > "strict" mode) and a practical example of a database using it natively
>             > (along with the process of patch -n- build, etc). 
> 
>             I, for one, would be interested in anything that you can reasonably
>             cover in a 90 to 120 minute window, even if I have to read 120,000 words
>             of text afterwards to understand it all.  :-)
> 
>             That said, here are a few things that I can think of that I would like
>             to know:
> 
>               * WRT implementing SELinux on an existing system, is there some method
>                 of determining what rules would be good to implement by scanning the
>                 system?
>               * Is there a method of remote management of SELinux rules?
>               * Can it do things like require that a cryptographic key is used to
>                 access a system over a username and password, particularly for
>                 privileged operations?
>               * Along the same lines as the last question, how high-level can
>                 SELinux requirements get?
>               * Is it worthwhile for use in a small network (< 5 servers)?
>               * Is it useful inside of virtual machines (for example, are there
>                 SELinux "namespaces" that can be used inside of something like LXC
>                 so that all that has to happen for SELinux to work in the containers
>                 is to have the SELinux modules loaded on the host)?
>               * Assuming that the last question is answered in the affirmative,
>                 is it also possible to have SELinux used on the host to do something
>                 like say "VMs can do whatever, bound by their own SELinux policies,
>                 as long as they don't break out into the host system?"
> 
>             I could probably ask 100 questions, but these are the biggest ones that
>             I can think of that I would like answers to (or pointers to answers to).
> 
>             	--- Mike
> 
>             _______________________________________________
>             Ale mailing list
>             Ale at ale.org
>             http://mail.ale.org/mailman/listinfo/ale
>             See JOBS, ANNOUNCE and SCHOOLS lists at
>             http://mail.ale.org/mailman/listinfo
> 
> 
> 
> 
>         -- 
>         -- 
>         James P. Kinney III
>         I would rather stumble along in freedom than walk effortlessly
>         in chains.
> 
> 
> 
> 
> -- 
> -- 
> James P. Kinney III
> I would rather stumble along in freedom than walk effortlessly in chains.
> 
> 
> 



