Rootconf 2017

On service reliability

Living with SELinux

Submitted by Toshaan Bharvani (@toshywoshy) on Feb 28, 2017

Section: Full talk of 40 mins duration
Technical level: Intermediate
Status: Confirmed & Scheduled

Abstract

Security-Enhanced Linux (SELinux) is still disabled in many cases because most people do not take the time to understand how to work with it. In its current state, however, SELinux has become very easy to manage, and it increases security for the overall system and for most applications. The segregation of compartments increases the overall security impact and changes the way we can secure a system. In current versions of Enterprise Linux, most common applications are predefined in SELinux policies and can be adjusted by using the right booleans; other applications can be added easily with the integrated tools, allowing you to run any custom application with SELinux enabled for that application. The presentation explains what SELinux is, how it works, and some practical use cases. It will briefly show how to implement the predefined policies and how to generate custom policies.

Outline

  • Explain traditional Linux permissions
  • Explain SELinux Mandatory Access Control system
  • Explain the mechanisms SELinux uses
  • Short examples on the common problems encountered when using SELinux
  • How to understand SELinux problems
  • How to solve the most common SELinux problems using booleans
  • How to generate SELinux custom policies

Requirements

Basic Linux knowledge

Speaker bio

Toshaan Bharvani is an IT consultant, currently self-employed at VanTosh,
with an interest in Open Source Software and IT Hardware. His interest in
IT started at the age of 5, when his father gave him his own first PC
components. Ever since, he has been interested in IT hardware and IT
software. In business, he tends to combine higher level applications
with lower level systems. Toshaan has been involved for some time now in
some open source projects and communities.
