Russell, that really might be nice... SELinux is a really amazingly wonderful effort to do go things with the available technology to achieve successful outcomes in the nominal positive operation of functional security controls. It is, however, subject to the same conditions that killed Trusted Solaris 8, 10 with TNE, and lots of other things. Sys Admins who just really didn't want to get into figuring our applications and what programmers where asking the OS to do, via calls and required privs... so finding a balance, figuring out what effectively IS 'least priv' = tood hard except for well defined roles and well understood applications. imho. So anything you can do, if you understand things, to get next generation interested and running with SELinux, will help all of us in the long run. Best, Hal
'Cyberspace'
as a term is sort of over. It's over in the way that, after a certain
time, people stopped using the suffix '-electro' to make things cool,
because everything was electrical. 'Electro' was all over the early 20th
century, and now it's gone. I think 'cyber' is sort of the same way.
William Gibson
pgp-public-key-fingerprint-hal-martin-hmarti2atumbcdotedu
65F3 E8EF 02D9 81FA 0CD1 477A 40FC 0838 776E 4538
On Sun, Oct 4, 2015 at 11:56 AM, Russell Coker <russell@xxxxxxxxxxxx> wrote:
No. But I'll probably write a blog post covering much of that material - at least the areas that I've personally worked on.
--
On October 4, 2015 1:35:45 PM GMT+11:00, Thomas Rozenbroek <tom.rozenbroek@xxxxxxxxxxx> wrote:
>Will these lecture(s) be recorded and made available to those of us,
>who
>are not able to attend?
>
>Thank you for your efforts
>
>Respectfully,
>
>thr
>-----
>
>On 10/3/2015 6:38 AM, Russell Coker wrote:
>> I'm going to offer a lecture about the Computer Science aspects of SE
>Linux in
>> the near future. Here's a quick summary of what I'm thinking of
>speaking
>> about.
>>
>> MAC vs DAC.
>>
>> Domain-Type as a concept (not details of implementation).
>>
>> LSM as a concept.
>>
>> PAM and cron modifications. Generally how the Unix users fit in with
>SE Linux
>> and how that can be extended to other MAC systems.
>>
>> Why we modify init and what other options were tested.
>>
>> MLS as a concept in general.
>>
>> File labelling, why and how.
>>
>> Algorithms for optimising setfiles.
>>
>> I'd like to speak about some features of the kernel code. I recall
>reading
>> about the optimisations for 32 core systems some time ago, I'm sure
>there's
>> something in that which is worth mentioning. It's not an area that
>I've
>> worked on, can anyone suggest something I should read about this?
>>
>> Any suggestions for other things I should mention? Note that I'm not
>planning
>> to mention anything about how to actually use SE Linux. There are
>lots of web
>> sites about that and I could offer a lecture on that topic at a
>different venue.
>> The previous lecture in the series was about the design of the Enigma
>machines
>> for WW2 cryptography. The audience want to generally learn about
>maths and
>> science not necessarily learn things that they can actually do.
>>
>> Also the format of the presentation is that it has to finish quickly
>when the
>> pizza arrives. So the items at the bottom of the list may get
>skipped.
>>
Sent from my Samsung Galaxy Note 3 with K-9 Mail.
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
