arrow_back What should be PID 1 in a container?
Living with SELinux
Submitted by Toshaan Bharvani (@toshywoshy) on Tuesday, 28 February 2017
Section: Full talk of 40 mins duration Technical level: Intermediate
Security Enhanced Linux, is still disabled in many cases due to fact that most people do not take the time to understand how to work with SELinux. While in it’s current state SELinux has become very easy to manage and increases security on the overall system and most applications. The segregation of compartments increases the overall security impact and changes the way we can secure a system. In current versions of Enterprise Linux most common applications are predefined in SELinux policies and can be adjusted, by using the right booleans, however other applications can be added easily with the integrated tools, allowing you to run any custom application with SELinux enabled for that application. The presentation explains what SELinux is, how it works, and some practical
use cases. It will briefly show how to implement the predefined policies and how to generate custom policies.
- Explain traditional Linux permissions
- Explain SELinux Manditory Access Control system
- Explain the mechanisms SELinux uses
- Short examples on the common problems encountered when using SELinux
- How to understand SELinux problems
- How to solve the most common SELinux problems using booleans
- How to generate SELinux custom policies
Basic Linux knowledge
Toshaan Bharvani is a IT consultant, currently self-employed at VanTosh,
with a interest in Open Source Software and IT Hardware. He started his
IT interest at the age of 5, when his father gave him his first own PC
components. Ever since he has been interested in IT hardware and IT
software. In business, he tends to combine higher level applications
with lower level systems. Toshaan has been involved for some time now in
some open source projects and communities.