You are viewing james_morris

James Morris - Have You Driven an SELinux Lately?
July 20th, 2008
11:09 am

[Link]

Previous Entry Share Next Entry
Have You Driven an SELinux Lately?
My OLS paper,

Have You Driven an SELinux Lately?


may now be downloaded as a single document, or as part of the conference proceedings.

The paper is a detailed update on the SELinux project, covering important changes to SELinux in the past few years. After the initial upstream kernel merge—which took three years and required LSM to be developed—the project proceeded rapidly in terms of integration into mainstream Linux distributions, as well as having its internal infrastructure overhauled to allow major improvements to both function and usability. A great deal has changed since many people first saw SELinux.

I'd recommend reading the paper if you want to come up to speed on where things are at in the project, and where things are headed.

I'll be giving a talk on the paper at OLS this Thursday. It's certainly a challenge trying to keep the talk length below 45 minutes without leaving something significant out. For some reason, my talks tend to self-adjust to about 90 minutes, and I always need to work to shorten them.

As a reminder, the SELinux Developer Summit is on Tuesday, and it will be held at the Ottawa Novotel from 8:30am.


Btw, I noticed Linux being used at Sydney Airport on the way over:

Linux @ Sydney Airport

Ubuntu 6.02, I believe 6.06.2.

Tags: , , , , , ,

(10 comments | Leave a comment)

Comments
 
[User Picture]
From:jldugger
Date:July 20th, 2008 06:30 pm (UTC)
(Link)
You're just making numbers up now. It's probably 6.06 (dapper) or 6.10 (edgy). Of course, afaik, we're still on course with AppArmor over SELinux. I still look to the course of SELinux development, should the day come where we need "change ships", so to speak.
From:james_morris
Date:July 20th, 2008 08:05 pm (UTC)
(Link)
Indeed, I checked another photo -- it's 6.06.2.
From:rahulsundaram
Date:July 20th, 2008 08:29 pm (UTC)

Interesting

(Link)
I see Ubuntu having partial SELinux support too. I am not sure how you are going to support AppArmor when the original team seems to have been fired en masse

http://news.cnet.com/8301-13580_3-9796140-39.html?part=rss&subj=news&tag=2547-1_3-0-5

Should be interesting to watch.
[User Picture]
From:jldugger
Date:July 20th, 2008 08:40 pm (UTC)
(Link)
ANd although you seem to have deleted a response, https://wiki.ubuntu.com/SELinux points out that Hardy also supports SELinux. It should come as no surprise that I don't follow this very carefully.
From:james_morris
Date:July 20th, 2008 09:22 pm (UTC)
(Link)
Nothing has been deleted, all comments are screened to prevent spam.
From:(Anonymous)
Date:July 21st, 2008 04:24 am (UTC)

Apparmor

(Link)
Shuttleworth http://derstandard.at/?url=/?id=3413801 doesn't seem to be a very strong supporter of apparmor over selinux.
From:(Anonymous)
Date:July 20th, 2008 10:46 pm (UTC)

thanks

(Link)
Hi James,

This looks like a great read :)

- Murray.
From:Jeff Waugh [bethesignal.org]
Date:July 21st, 2008 08:09 am (UTC)

Web terminals

(Link)
There's a few (departure hall near desk A and in the Qantas Lounge) running a newer software stack based on Ubuntu 8.04.1. They're much better, because they don't do what the one in your picture does (ie. fail)! The rest have a sucky hardware/driver issue with the proprietary wireless driver, so they'll shift to a similarly simple software stack (though based on Ubuntu 6.06.2) in the near future.

Man do those suckers get some use! ... but sadly none of them are SELinux-enabled (yet?). ;-)
From:james_morris
Date:July 21st, 2008 09:55 am (UTC)

Re: Web terminals

(Link)
What we need is someone to package kiosk mode for Ubuntu.
From:Jeff Waugh [bethesignal.org]
Date:July 21st, 2008 10:59 am (UTC)

Re: Web terminals

(Link)
That would be rad... I thought this was going upstream though, so they'll eventually get it. ;-)

(The airport terminals are a somewhat different use case, which at this point is really only covered nicely by Opera. If I could spend more time on it, I'd start mucking around with a serious kiosk version/mode for Firefox...)
James Morris Powered by LiveJournal.com