Mandatory Access Control (MAC) with SELinux
SELinux is a vey useful security extension. Once it is activated, SELinux runs more or less transparently in the background, monitoring the running system – as long as the distributor has paved the way by providing a policy worthy of that title. As of this writing, Fedora is the leading distribution in this respect.
Recent releases have improved the usability of SELinux; for example, the SELinux logs are easier to read than before with the setroubleshootd tool. Even inexperienced users can develop their own policy modules to place new programs under the protective shield of SELinux, with a little help from the graphical front end, system-config-selinux.
- NSA SELinux website: http://www.nsa.gov/selinux
- Reussell Coker's SELinux Debian play machines: http://www.coker.com.au/selinux/play.html
- Dan Walsh, Creating a Kiosk Account: http://danwalsh.livejournal.com/13376
- "A Step-By-Step Guide to Building a New Policy Module", by Dan Walsh, Red Hat Magazine, August 2007: http://redhatmagazine.com/2007/08/21/a-step-by-step-guide-to-building-a-new-selinux-policy-module.html
Buy this article as PDF
Linux Foundation's big event celebrates the 25th anniversary of Linux
Competitors get in the game with RHEL without Red Hat
Security researchers have already notified Microsoft; some fixes are available
The company is collaborating with Google and Intel to use Kubernetes as an engine for Fuel
Customers can take a free test drive of SLES for HPC on the Azure Cloud
San Francisco-based chip company announces their first fully open source chip platform.
The whole distro gets rebuilt on glibc 2.3
Ubuntu Vendor tries to solve app packaging and distribution problem across distributions.