Hello Everyone,

I have put together a series of proposals for OLS this year which include a talk on Labeled-NFS, an SELinux BOF, and an SELinux tutorial. You will find them attached to this email. If you have any questions, comments, and/or complaints, please feel free to make them.

Dave Quigley
BOF: NSA Security-Enhanced Linux (SELinux)

The NSA Security-Enhanced Linux (SELinux) BOF is intended to provide a forum for people who are already working on SELinux or are interested in learning about the project. The BOF will begin with a short presentation that briefly describes the background and status of SELinux, reviews recent developments, and discusses current directions for the project. Then the BOF will be opened for discussion, including questions and feedback from developers and users. Likely topics will include: policy development environment and policy generation tools, SELinux administration, distro integration, network storage support, and usability issues.
SELinux is the most widely deployed system for Mandatory Access Controls (MAC) in Linux. Since its debut, much has changed as distributions continue to add functionality based on user feedback. Despite its growing availability, some people dismiss SELinux because it is "too hard." This tutorial addresses these concerns by providing a basic understanding of SELinux and how to accomplish common SELinux tasks.

Topics:
  How SELinux Works
  Enabling SELinux
  Checking for Unconfined Daemons
  Debugging SELinux Policy Errors
  Using Booleans
  SELinux Daemons and What They Do
  Policy Development
  Considering SELinux in your Development Process

Time: 4 hours
As the use of SELinux expands in Enterprise environments, customers are requesting the ability to use SELinux with their NFS-based network storage. The labeled-nfs project seeks to extend the NFSv4 protocol to provide a generic mechanism for conveying process and file MAC security attribute information for use by security mechanisms employed on the client and server. In this paper we explore the design and implementation for the labeled-nfs effort. We discuss why certain design decisions were made and what impact they have on the implementation of NFS in the Linux kernel and NFS userland infrastructure. Finally, we discuss how parts of the labeled-nfs infrastructure can be used in other remote file systems.