Proposed Session: SELinux Deep Dive
-
I figured this might be a good topic to get deeper into than just chcon -t and chcon --reference.
-
Agreed. I'm not even sure what it's purpose is.
-
While we wait for MangoCon: I found this video helpful for understanding what it does and how to deal with it without disabling it altogether.
-
There's a good one called SELinux for mere mortals. It's a good overview.
-
@Dashrender said:
Agreed. I'm not even sure what it's purpose is.
It adds another layer of security over DAC called MAC (Mandatory Access Control) which allows you to assign classification labels and contexts to files, folders, services, and even ports.
For example say you have a web server and apache becomes compromised. The only thing Apache can touch are things with specific httpd labels.
-
-
@johnhooks upvotes for ninja spaghetti link fix
-
Here's another. I can't find original link since I'm on my phone and lazy, so I'll share the link from my box account.
-
Now the next question: who would we get to teach it?
-
I'm resurrecting this topic for suggestion to discussion for the DFW Mango Meetup.
-
@NerdyDad said in Proposed Session: SELinux Deep Dive:
I'm resurrecting this topic for suggestion to discussion for the DFW Mango Meetup.
Oh nice.
