FLOSS Weekly 156

From The Official TWiT Wiki
Jump to: navigation, search
FLOSS Weekly
Episode 156

Guest(s)

Dan Walsh from SELinux

Topics

  • History
    • Started in the NSA (the security side, not the spy side)
  • Architecture
    • Labels for all items on the PC (files, processes, etc)
    • Permissions are given out for a particular label
    • Very granular control

For instance: Limits that apache could only talk to the DB through a named port. So if the apache process was broken into, it still couldn't mess with the database outside that one named port.

  • Available for many distros
    • Default install for RHEL/Fedora
  • Designed to be transparent to the user
    • 70% of RHEL/Fedora installs run with it
    • Interactive users are run in an unaffected mode
    • Users would run into trouble if they do something like change the port apache listens on
    • Popup notification when SELinux is stopping something, guides you through working on fixing it

External Links

Questions from the audience

Sponsors

no ads

Production Information

  • Edited by: Jeff
  • Notes:
Info.png This area is for use by TWiT staff only. Please do not add or edit any content within this section.