dc7 - 1.0

DebConf7

Speakers: Manoj Srivastava

Schedule
Day: 9
Room: Upper Talk Room
Start time: 11:30
Duration: 00:30

Info
ID: 95
Event type: Lecture
Track: DebConf
Language: English

SELinux for dummies

An introduction to the SELinux for stable sub-project

This talk describes what it takes to set up a machine running Etch to work with SELinux targeted policies. It contains pointers to, and a walk-through of, a process for securing a machine, including additions to policy and how to set up a machine with back-ported packages carrying SELinux fixes that did not make it into Etch. The talk will be illustrated with a live example.

Even with Etch, SELinux support is mostly present but is not active out of the box. There is a sequence of steps to take to convert an existing machine into a functional SELinux machine running targeted policy in enforcing mode. Some SELinux patches did not make it into Etch; for example, PAM and coreutils carry older versions of the SELinux patches. There have also been changes in SELinux policy, and some things work only with newer kernel versions (2.6.20 has some added networking changes). This talk will lay the groundwork for an SELinux repository and associated HOWTOs that will track changes in SELinux and back-port changes to related packages. Consider this an introduction to an SELinux sub-project that will keep Etch machines supported as SELinux security changes.