Gunnar Hellekson has just written a cool article on how SELinux is an enabling technology.
Blogs like this add a little skip to my step. It makes you feel like you are doing something right.
I spent most of the week at LinuxCon working with other SELinux developers and security enthusiasts. Monday was the security summit and I demonstrated the latest features in the SELinux sandbox. This included a potential replacement for the MLS desktop and XACE using sandbox. More on that later.
Eamon Walsh (no relation) of the NSA has begun hacking on a cut and paste utility. This utility will prompt the user before allowing cutting and pasting between sandboxes. Hopefully Eamon will get this working. Being able to securely cut and paste is necessary for both MLS desktops and sandboxes.
Intel and Nokia were pushing MeeGo, and I talked to their security people at the show. The MeeGo security architecture seems to be more about protecting the device from the user than protecting the user's data from malicious code. The architecture's security goals align more with those of the access providers and content providers.
Sadly, when asked about using advanced security features on the MeeGo handset, Thomas Miller, Head of MeeGo Ecosystem Development at Nokia, indicated that Nokia would not turn on any security feature which would decrease performance.
What could possibly go wrong...?
My wife is struggling to use an HP Mini netbook as a laptop. It is time to start experimenting again. I plan on taking the MeeGo Fedora Spin and trying to get it working with SELinux and the xguest user, perhaps adding a tab that launches a web browser to your bank for online banking.
Dan Walsh's Blog