SELinux: A deep dive
Submitted by REJY M CYRIAC (@rejy) on Wednesday, 12 April 2017
Through all the changes in how software is deployed and used, from bare metal to VMs to containers, SELinux has stayed relevant in keeping the system secure. SELinux is now a well-accepted part of various security certification standards, and administrators have over the years grown comfortable with using SELinux to secure systems. But with DevOps and the agile development model, the challenge has been ensuring that software being deployed does not break the existing SELinux policies. When that happens, DevOps teams that lack knowledge of SELinux may be inclined to turn off the protection SELinux provides in order to get the software working. The ideal development model is instead to develop custom SELinux modules alongside the software, so that the existing system security provided by SELinux is not broken and the software being deployed is also protected by SELinux.
1 hour: Brief summary on the SELinux basics.
1.5 hours: Hands-on session on building custom SELinux modules
15 mins: Q&A.
- Attendees should preferably have a laptop/VM with Fedora 25 installed and fully updated
- Fedora 25 VM images can be made available at the venue, but it is better if they are already available and ready to run on end systems
- Attendees have network access to install packages over the network from a central package repository.
Rejy works at Red Hat as a Senior Program Manager - Technical. He has been a user and evangelist of SELinux for over 12 years. He has trained and assisted SysAdmins/DevOps to use SELinux on servers. He’s a Red Hat Certified Architect.