Dan Walsh's Blog - May 16th, 2008
SELinux and the New York Stock Exchange [May. 16th, 2008|09:17 am]
One of my goals, and a goal of the upstream developers, was to build SELinux so that it could be used by more than just the military and the Department of Defense. Traditional Mandatory Access Control systems were built around Multi Level Security, where data and processes run at different security levels: Confidential, Secret and Top Secret. Most non-DoD environments do not classify their employees or data this way. They are much more likely to define their security goals around what a user or a process is designed to do:

  • Apache is supposed to read these directories and connect to these ports.
  • User X should not be allowed to execute files in his home directory.
  • The database should only be accessed through its unix domain socket.
All of these relationships can be described with type enforcement rules. Give every process a type (label), give every file and other object on the system a type, and then write rules saying which process types may do what to which object types. That is what SELinux does; that is what type enforcement is.

What is a process supposed to do? 

Allow the process to do this and nothing else.


In the case of a logged-in user, you group all of the user's processes together under a single type (guest_t), so every process the user runs ends up as guest_t. None of them can execute files in the home directory, none can connect to the network, and none can use the setuid system call to become root.
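As an added illustration of the three bulleted rules above and of the guest domain just described, here is a small type-enforcement module in the SELinux policy language. It is example policy written for this page, not from the post or from any shipped Fedora or reference-policy module. All `example_*` type, role and module names are made up; `policy_module`, `gen_require`, `init_daemon_domain`, `files_type`, `corenet_port`, `corenet_tcp_bind_generic_node`, `domain_type`, the `user_home_t` type and the `port_type` attribute are assumed to come from the reference policy on the build host.

```selinux
# Added example module, not part of the post or of any shipped policy.
# Assumes a reference-policy development environment
# (/usr/share/selinux/devel); every example_* name is made up for this page.
policy_module(example_te, 1.0)

gen_require(`
	attribute port_type;   # refpolicy: attribute carried by every network port type
	type user_home_t;      # refpolicy: files under a user's home directory
')

########################################
# Declarations: one type for each process and one for each kind of object
# it is supposed to touch.  Anything not allowed below is denied.

type example_web_t;          # the web server process
type example_web_exec_t;     # its binary; executing it enters example_web_t
type example_web_content_t;  # the directories it is supposed to read
type example_web_port_t;     # the ports it is supposed to listen on
type example_db_t;           # the database process
type example_db_exec_t;
type example_db_sock_t;      # the database's unix domain socket file
type example_guest_t;        # one type for ALL processes of a guest login
role example_guest_r;

init_daemon_domain(example_web_t, example_web_exec_t)
init_daemon_domain(example_db_t, example_db_exec_t)
files_type(example_web_content_t)
files_type(example_db_sock_t)
corenet_port(example_web_port_t)
domain_type(example_guest_t)
role example_guest_r types example_guest_t;

########################################
# "Apache is supposed to read these directories and connect to these ports."

allow example_web_t example_web_content_t:dir  { getattr open read search };
allow example_web_t example_web_content_t:file { getattr open read };
allow example_web_t self:tcp_socket { create bind listen accept read write getattr setopt };
allow example_web_t example_web_port_t:tcp_socket name_bind;
corenet_tcp_bind_generic_node(example_web_t)
# Deliberately absent: any write, create or execute on example_web_content_t.

########################################
# "The database should only be accessed through its unix domain socket."
# example_db_t gets no tcp_socket rules at all, so a TCP listener is denied.

allow example_db_t self:unix_stream_socket { create bind listen accept read write getattr setopt };
allow example_db_t example_db_sock_t:sock_file { create getattr setattr write unlink };
allow example_web_t example_db_sock_t:sock_file write;
allow example_web_t example_db_t:unix_stream_socket connectto;

########################################
# "User X should not be allowed to execute files in his home directory."
# With no type_transition out of example_guest_t, every program the user
# starts stays example_guest_t, so this one set of rules covers all of them.

allow example_guest_t user_home_t:dir  { getattr open read search write add_name remove_name };
allow example_guest_t user_home_t:file { getattr open read write append create unlink };
# No execute on user_home_t, no tcp_socket name_connect, no setuid capability.

########################################
# Assertions: when the modules are linked and expanded (semanage.conf has
# expand-check=1) the build fails if this module, or any other module loaded
# alongside it, grants one of these.

neverallow example_guest_t user_home_t:file { execute execute_no_trans };
neverallow example_guest_t port_type:tcp_socket { name_connect name_bind };
neverallow example_guest_t self:capability { setuid setgid };
neverallow example_web_t example_web_content_t:file { write append create unlink };
neverallow example_db_t port_type:tcp_socket { name_bind name_connect };
```

Build and load it on a refpolicy-based system with `make -f /usr/share/selinux/devel/Makefile example_te.pp && semodule -i example_te.pp`, then confirm what the loaded policy actually grants with `sesearch -A -s example_web_t -t example_web_content_t`. The guest section shows the shape of a restricted user domain only; turning it into a login target still needs an SELinux user declaration and a `semanage login` mapping, and the daemon domains would need the usual extra rules (libraries, logs, /tmp) that `init_daemon_domain` does not supply.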

Often when I give talks on SELinux we get too deep into the internals; I believe we need to bring it down to these simpler terms.

The beauty of this system is that it works for everyone, from the highest levels of security in DoD environments down to the kiosk machine at your local library.

Are non-government entities starting to use SELinux? You betcha.

New York Stock Exchange