---

ONLamp: Realistic SELinux

“SElinux is an impressively designed but notoriously
hard-to-configure set of kernel hooks that enforce Orange
Book-style security on Linux. Full support for SELinux takes
effort, but when I first heard about Fedora’s new targeted policies
for SELinux, I was willing to tell the Red Hat folks ‘thanks, but
no thanks.’ A conversation with their Dan Walsh changed my
mind.

“The original SELinux approach was that anything not expressly
permitted was forbidden. Technically, this meant that every program
anybody would ever run had to be configured with a policy
that indicated what files it could touch, who could run it, and
every other aspect of the program that might present a risk…”

Complete
Story

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis