Schedule: SELinux don't just switch it off

| Field | Value |
|---|---|
| Speakers | Jens Kuehnel |
| Day | Saturday |
| Room | H.1309 |
| Start time | 15:00 |
| End time | 16:00 |
| Duration | 01:00 |
| Event type | Podium |
| Track | CentOS + Fedora |
| Language | English |

Security-Enhanced Linux (SELinux) is a Linux feature that provides a variety of security policies, including U.S. Department of Defense style mandatory access controls, through the use of Linux Security Modules (LSM) in the Linux kernel. It is not a Linux distribution, but rather a set of modifications that can be applied to Unix-like operating systems, such as Linux and BSD.
Its architecture strives to reduce the amount of software responsible for security policy enforcement. This aligns closely with the TCSEC (Orange Book) requirement for minimizing the trusted computing base (TCB), which applies to evaluation classes B3 and A1, but it is quite unrelated to the least privilege requirement (B2, B3, A1), contrary to what is often claimed. The germinal concepts underlying SELinux can be traced to several earlier projects by the U.S. National Security Agency.