I'm not sure where to ask a question like this but I bet someone on the list will know…
Are there any guidelines or "best practices" for building products with selinux? (Think network appliances for example.) I have in mind life cycle tasks such as
- Software development: Where in the software development cycle do you introduce selinux? Should application developers have to develop on a system confined by selinux? Is selinux policy maintenance a software development task, or a separate phase
in the development cycle?
- System integration: Is this where selinux is first turned on?
- QA testing: should QA testing include selinux-specific penetration testing? Any guidelines or examples of how this is done? Any tools?
- Who in the development organization needs selinux expertise?
- Are there services that can certify the MAC rules for the operating system? For the product application?
- Any selinux-specific guidance for customers who install the protected appliance?
- Impact on the process for upgrades and patches because of selinux. What not to do… for example, turning off selinux to apply a patch. How to configure a properly confined user for applying patches.
- Organizational policy to complement a properly designed system (separation of duties; physical security; etc).
- War stories, lessons learned… or anything of the sort
Thanks
Alan
