DevConf 2017

Scaling platforms and services. Co-hosted by Rootconf, Red Hat and the Linux Foundation.

SELinux Support over GlusterFS

Submitted by Jiffin Tony Thottan (@thotz) on Apr 6, 2017

Section: Crisp talk of 15 mins duration Technical level: Intermediate Status: Rejected


This talk will cover two open source technologies SELinux and GlusterFS. GlusterFS is software defined storage. SELinux otherwise known as Security Enhanced Linux is security module available in linux kernel through which security policies can be defined. Although it is widely used in linux world , no one has tried it with a distributed file system.So why it is important for software defined storage or in distribute storage ? The user specific security options available for end user is always limited(one of them is acl). First of all it is an additional security flavor for the end user. From a point of storage as a service, it is one of the key security feature which an end user can directly use. There are different clients which tries to provide this facility. In case of NFS, Labeled NFS is effort put on nfsv4 protocol which avails the same.


The entire talk covers how SELinux feature can be implemented in a distributed file system, taking GlusterFS as an example. GlusterFS has a stackable architecture so that we can easily plug this feature. Each layer in this stack is known as translator. In case of SELinux a new translator will introduced at server side. The SELinux context are stored at backend as extended attributes named as “security.selinux”. So this translator will handle all the getxattr/setxattr calls from the client.

Speaker bio

Jiffin Tony Thottan is working as Software Engineer in Red Hat and part of Red Hat Storage Team. Jiffin Tony Thottan actively participating, contributing to communities such as Gluster and NFS-Ganesha. My area of interest includes software defined storage, protocols such as NFS and security measures like acl, selinux and kerberos.



  • sankarshan mukhopadhyay (@sankarshanmukhopadhyay) 3 years ago

    Thank you for submitting this proposal. Since you indicate that this is a 15 minute talk, are you assuming that the audience has an intermediate → advanced level of understanding about SELinux and SELinux internals?

    • Jiffin Tony Thottan (@thotz) Proposer 3 years ago

      I expect the audience to have basic understanding of SELinux. Here my main focus on the presentation will be on the SELinux translator existing on Gluster stack, so it covers how easy to implement simple features for Gluster with help of translators.

  • Zainab Bawa (@zainabbawa) 3 years ago

    Please upload and share link – by end of this week – to a two min preview video explaining what this talk is all about and why should the audience attend it. We also require draft slides to evaluate this proposal.

Login to leave a comment