Linux Today: Linux News On Internet Time.

SearchOpenSource: Author Dishes on SELinux Enhancements to RHEL5

Oct 18, 2006, 06:00 (0 Talkback[s])
(Other stories by Jack Loftus)

[ Thanks to Jane Walker for this link. ]

SearchOpenSource.com: SELinux has earned a reputation for being complex. What's being done in Red Hat Enterprise Linux 5 to ease that complexity?

"Karl MacMillan: As far as addressing complexity, there are two challenges--to create policy and then to deploy the policy. With the new loadable modules in RHEL5, the focus is on the second problem. How does one ship the product to third parties and allow administrators to make changes? Essentially, what happens with Security-Enhanced Linux is in order to address security issues that exist out there, you have to have a mechanism that controls all access on a system. When you think of normal Linux access control, you are dealing only with processor access, file systems, control interfaces and networking, and they are very far removed from the normal Linux access mechanism. For example, even if you control access to writing files that MySQL uses, MySQL is still attacked over the network or via interprocessor communication. People aren't used to dealing with all of the kinds of access that a complex program like MySQL needs, and more importantly, the interaction between [the accesses] gets complicated..."

Complete Story

Related Stories: