[Wolves] Nsa using linux

[Shane M. Coughlan]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Peter Cannon wrote:
> SELinux has been around for ages in Fedora Core SuSE has its own version 
> called AppArmor. These two solutions are really a quasi second fiewall 
> controlling applications and their installation and functionality by either 
> letting them install/run. In effect it will stop applications executing or 
> accessing resources so its not a 'Flavor of Linux' its a security feature of 
> Linux.

SELinux is short for Security Enhanced Linux.  It's a series of
enhancements to make Linux more secure.  This security is obtained by
policies that determine how applications can run on a given system.

SELinux and AppArmor are not the same.  AppArmor is less granular and
focuses on simplicity for the end user.  SELinux is focused on ensuring
that applications act in the way you want them to act.

A key problem with SELinux is that to create policies that accomplish
security goals can take a while.  It's pretty complex.  The project I am
working on is trying to deal with that; we're offering a relatively
simple way to get a default policy in place (a la AppArmor).

> I'm not convinced it has a place in the business world either as a good 
> sysadmin should be able to control what users are allowed to install/run.

Applications run without a large degree of control over their actions.
SELinux creates policies that give clearly defined parameters for the
application to execute and interact with the user and userspace data.

Shane

- --
Shane Martin Coughlan
e: shane at opendawn.com
m: +447773180107 (UK) +353862262570 (Ire)
w: www.opendawn.com
- ---
OpenPGP: http://www.opendawn.com/shane/publickey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iQCVAwUBRO7cftwG3M95JPpzAQi/lgQAtA3ueoEvU3sR5d3neiQrXhvf8DalWNyF
7sAHuTOYjtTEtp2uubB5CnrufTiOThiYfhgBkryoKG2xGrZzuartupjGqwkpkzig
d5KtbWFfkWRJd/bj11SWA+5Z0jwMu3VijJfWgTzyAmmGVpMlEhOS4yf9NunWN/2+
5bY2igw6TBY=
=AsZg
-----END PGP SIGNATURE-----