On Wed, 5 May 2010, Alan Rouse wrote:

> - Software development: Where in the software development cycle do you
> introduce selinux? Should application developers have to develop on a
> system confined by selinux? Is selinux policy maintenance a software
> development task, or a separate phase in the development cycle?
>
> - System integration: Is this where selinux is first turned on?

In a successful case I'm aware of, all updates to applications are tested
on a staging system before being rolled out, at which point SELinux is
enabled in permissive mode. Any AVCs are treated as regressions and the
developers work with sysadmins/security folk to either fix the application
or update the system security policy.

> - War stories, lessons learned... or anything of the sort

It would be great to see something like the above written up as a case
study -- for various reasons, people are not always in an ideal position
to do so.

--
James Morris <jmorris@xxxxxxxxx>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx
with the words "unsubscribe selinux" without quotes as the message.
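
The staging check described in the reply above (permissive mode, any AVC treated as a regression), sketched as an added example that is not part of the original message or any project's code. The log lines, the `appd_t` domain and the `since` test-window parameter are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample audit.log lines (not from the original message).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1273046400.101:410): arch=c000003e syscall=2 success=yes exit=3 comm="appd"
type=AVC msg=audit(1273046400.123:411): avc:  denied  { read } for  pid=2101 comm="appd" name="report.cfg" dev=dm-0 ino=7731 scontext=system_u:system_r:appd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1273046460.007:418): avc:  denied  { read } for  pid=2101 comm="appd" name="other.cfg" dev=dm-0 ino=7732 scontext=system_u:system_r:appd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1273046520.550:425): avc:  denied  { name_connect } for  pid=2101 comm="appd" dest=5432 scontext=system_u:system_r:appd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1273046580.900:431): avc:  granted  { setenforce } for  pid=1 comm="init" scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
"""

# Matches only "denied" AVC records; "granted" records and other audit types are skipped.
AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{(?P<perms>[^}]*)\}.*?\bscontext=(?P<scontext>\S+)\s+'
    r'tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)')

def _type(context):
    # An SELinux context is user:role:type[:level]; the type is the third field.
    return context.split(":")[2]

def avc_regressions(log_text, since=0.0):
    """Count denials at or after `since`, keyed by (source type, target type, class, perm)."""
    found = Counter()
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or float(m["ts"]) < since:
            continue
        for perm in m["perms"].split():
            found[(_type(m["scontext"]), _type(m["tcontext"]), m["tclass"], perm)] += 1
    return found

def staging_gate(log_text, since=0.0):
    """Return 0 when the test window is clean, 1 when any denial was logged."""
    found = avc_regressions(log_text, since)
    for (src, tgt, cls, perm), n in sorted(found.items()):
        print(f"REGRESSION {src} -> {tgt}:{cls} {{ {perm} }} x{n}")
    return 1 if found else 0

if __name__ == "__main__":
    raise SystemExit(staging_gate(SAMPLE_LOG))
```

On a staging host the input would be the audit log (commonly `/var/log/audit/audit.log` when auditd is running), with `since` set to the start time of the test run.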