Rootconf 2014

On devops and cloud infrastructure

Enable SELinux protection for your Service

Submitted by REJY M CYRIAC (@rejy) on Wednesday, 26 March 2014

videocam_off

Technical level

Intermediate

Section

Workshops

Status

Submitted

Vote on this proposal

Login to vote

Total votes:  +15

Objective

Provide knowledge to SysAdmins/DevOps , on how to develop new SELinux policy modules, and thereby protect additional services.
The session is also aimed to encourage SysAdmins/DevOps to contribute to building the SELinux policy for wider use and acceptance.

Description

Most well known services are protected either by the SELinux base policy, or through default shipped policy modules. But many less know services, or custom services, may currently not fall under complete SELinux protection.

The objective of the session is to provide knowledge to SysAdmins/DevOps , on how to develop new SELinux policy modules, and thereby protect additional services. The session is also aimed to encourage SysAdmins/DevOps to contribute to building the SELinux policy for wider use and acceptance.

This session will consist of
Examine current SELinux policy rules Analyze SELinux logs Discuss SELinux policy module syntax Use SELinux policy macros * Tools to make SELinux policy module building easier

Requirements

Familiarity with using the Linux command line
Knowledge about SELinux basics
Pledge to never disable SELinux ;-)

Speaker bio

Working at Red Hat, Bangalore - Engineering - Quality Engineering
User and Evangelist of SELinux for over 8 years
Have trained and assisted SysAdmins/DevOps to use SELinux on servers
Passionate about Open Source

Red Hat Certified Architect
Red Hat Certified Data Center Specialist
Red Hat Certified Security Specialist

Links

Comments

  • 1
    Ajey Gore (@ajeygore) 4 years ago

    This is good proposal, only thing which I would want to know as audience - why would I choose to enable SELinux.

    SELinux has been one of the those areas where people just disable it make it targetted and ignore.

    Ajey

    • 1
      REJY M CYRIAC (@rejy) Proposer 4 years ago

      This talk is meant for advanced audiences who already know about SELinux. This talk is about SELinux policy module building.

      The other proposed talk on SELinux - https://funnel.hasgeek.com/rootconf2014/1079-selinux-for-the-uninitiated - is for beginners in SELinux, and will deal with the 'WHY' on enabling SELinux.

Login with Twitter or Google to leave a comment