danwalsh


Dan Walsh's Blog

Got SELinux?


Previous Entry Add to Memories Share Next Entry
SELinux enabling change...
danwalsh
Gunnar Hellekson has just written a cool article on how SELinux is an enabling technology. 

Blogs like this add a little skip to my step.  It makes you feel like you are doing something right.


LinuxCon

I spent most of the week at LinuxCon working with other SELinux developers and security enthusiasts.  Monday was the security summit and I demonstrated the latest features in the SELinux sandbox.  This included a potential replacement for the MLS desktop and XACE using sandbox.  More on that later. 

Eamon Walsh (no relation) of the NSA has begun hacking on a cut and paste utility. This utility will prompt the user before allowing cutting and pasting between sandboxes. Hopefully Eamon will get this working. Being able to securely cut and paste is necessary for both MLS desktops and sandboxes. 

MeeGo

Intel and Nokia were pushing MeeGo, and I talked to their security people at the show.  The MeeGo security architecture seems to be more about protecting the device from the user than protecting the user's data from malicious code.  The architecture's security goals align more with those of the access providers and content providers.

Sadly, when asked about using advanced security features on the MeeGo handset, Thomas Miller, Head of MeeGo Ecosystem Development at Nokia, indicated that Nokia would not turn on any security feature which would decrease performance. 

What could possibly go wrong...?

My wife is struggling to use an HP Mini netbook as a laptop.  It is time to start experimenting again.  I plan on taking the MeeGo Fedora Spin and trying to get it working with SELinux and the xguest user,  perhaps adding a tab that launches a web browser to your bank for online banking.

Although i find it a pity, i can imagine why it is not enabled on these devices. Even with many features disabled one can have the phone on stand-by barely a day during office hours. Let alone with most features enabled.. and then SELinux enabled.

The battery would probably run low in an hour or two. Performance would also decrease although that is in my view probably a lesser problem then power consumption.

Re: SELinux on the phone

danwalsh

2010-08-13 03:20 pm (UTC)

Not sure why power consumption would go up by enabling some security mechanism like SELinux.


You are viewing danwalsh