SELinux Moving Into The Mainstream

PaxTech writes "Security Enhanced Linux is moving into the mainstream rapidly, bringing its implementation of mandatory access control to a wider audience. The agenda for the 2006 SELinux Symposium has just been announced, distributions such as Fedora are including SELinux in the default build, and ports are underway to bring SELinux functionality to BSD and Darwin. Security minded systems administrators should be learning about this technology as it provides another strong layer of security for Linux servers."

Re:And by mainstream, we mean

[kopykat]

it just sounds to gruesome to me that anything that has to do with the .gov analysis is "bad!" considering that berkeley bsd, and really all unix before the introduction of the internet was government and university based as its primary source of development and contingency to the IT world at the time... SElinux is basically a strategic move to inspire and solidify the security of networking and internet services globally where the use of black art hacking has become a problem in every nation that has any form internet communication and the developers who developed it happen to have been open source experts in congruency with NAS developers... . !

Re:Interesting to see it being ported

[jbolden]

I do have to wonder -- how well would a successful Darwin port of SELinux interact with Mac OS X's security model?

Quite a bit of it is in there. The problem is that Darwin has a different kernel level security model... there is a difference between single user mode and root in terms of permissions. So for example you can chflags the schg bit on but not off when running in Aquaish modes. There certainly are going to need to be better tools to handle this (sort of like the way XP does stuff during the next reboot).