Slashdot Mirror

← Back to Stories (view on slashdot.org)

SELinux Moving Into The Mainstream

Posted by CowboyNeal on from the into-its-own dept.

PaxTech writes "Security Enhanced Linux is moving into the mainstream rapidly, bringing its implementation of mandatory access control to a wider audience. The agenda for the 2006 SELinux Symposium has just been announced, distributions such as Fedora are including SELinux in the default build, and ports are underway to bring SELinux functionality to BSD and Darwin. Security minded systems administrators should be learning about this technology as it provides another strong layer of security for Linux servers."

3 of 24 comments (clear)

  1. Next priority should be targeted policies for apps by NZheretic · · Score: 4, Interesting
    Browsers and internet accessing applications really need a series of targeted policies that can limit what third party extention, plugins and applet/scripting systems have access to.

    Almost all plugins should only need read access to its install directory/libraries, to a dedicated subdirectory for plugin for each application, and maybe ( at the users agreement ) common incoming and outgoing directory.

  2. Re:grsec? by A+beautiful+mind · · Score: 2, Interesting

    Because they are different in spirit. SELinux is something that gives the necessary features for an organization like NSA where they require a level C or B or higher classified system.

    Grsecurity is more like for the common user wanting to make their system more secure.

    I'm aware that this is very vague like this, but it gives the general idea I hope. Personally I use Grsec for my home box, but an organization wanting to replace old mainframes needs to look into a bit different solutions, like SELinux.

    --
    It takes a man to suffer ignorance and smile
    Be yourself no matter what they say
  3. Interesting to see it being ported by Kelson · · Score: 2, Interesting

    ...to BSD and Darwin. I've been using Fedora Core since it was first released, and I've watched SELinux go from a slightly clunky annoyance in FC2 to just another part of the system in FC4 as they refined the targeted policy. I'm not sure how much of that was done by the NSA and how much by Red Hat, but it's made a huge difference -- more, even, than the slowly improving security GUI in Fedora Core (though SELinux desperately needs something to make it easier to administer).

    Back to BSD/Darwin, I do have to wonder -- how well would a successful Darwin port of SELinux interact with Mac OS X's security model? The page on the website talks about 10.3 and the latest snapshot is dated July.