[Security_sig] Question 2 from the Paris F2F

Chris Wright chrisw at osdl.org
Tue Jun 14 15:17:29 PDT 2005


* Mary Edie Meredith (maryedie at osdl.org) wrote:
> The guest LUAC speaker at the face to face expressed concern 
> about the complexity of SE Linux (already discussed on this 
> list).  
> 
> DCL TWG wanted me to uncover recommendations for a work-around.  
> 
> I think this could be ways to make SELinux easier, or alternatives 
> to SE Linux (with the security implications), or perhaps something
> I haven't imagined.

This is a long conversation.  There is ongoing work to help reduce the
pain of SELinux configuration (see the Tresys setools, for example,
<http://www.tresys.com/selinux/selinux_policy_tools.html>).

> Can you impart any advice?

First, understand your own security requirements.  Second, explain in
specific detail what's tough to do in SELinux.  For example, if this is an
issue with existing policy definitions, then work with the communities
involved to flesh out those policies.  Typically the issues are with
building a new policy for some custom application.  This is non-trivial;
for starters, you need to be able to understand the security
requirements of the application.

There are alternatives as well.  Perhaps something as simple as a simple,
small private namespace is enough.  Or LSMs; for instance, SuSE is using
AppArmor, then there's LIDS, Umbrella, Trustees, etc.  Most (all?) of
those have caveats that are complicated by filesystem namespace issues,
some of which can be mitigated by the environment, some of which are
tougher to deal with.

The "SELinux is too hard, what do we do?" question is common, but it's
really helpful to have specifics, otherwise it's difficult to have a
meaningful conversation.

thanks,
-chris


