Mandatory Access Control (MAC) with SELinux
SELinux is a vey useful security extension. Once it is activated, SELinux runs more or less transparently in the background, monitoring the running system – as long as the distributor has paved the way by providing a policy worthy of that title. As of this writing, Fedora is the leading distribution in this respect.
Recent releases have improved the usability of SELinux; for example, the SELinux logs are easier to read than before with the setroubleshootd tool. Even inexperienced users can develop their own policy modules to place new programs under the protective shield of SELinux, with a little help from the graphical front end, system-config-selinux.
- NSA SELinux website: http://www.nsa.gov/selinux
- Reussell Coker's SELinux Debian play machines: http://www.coker.com.au/selinux/play.html
- Dan Walsh, Creating a Kiosk Account: http://danwalsh.livejournal.com/13376
- "A Step-By-Step Guide to Building a New Policy Module", by Dan Walsh, Red Hat Magazine, August 2007: http://redhatmagazine.com/2007/08/21/a-step-by-step-guide-to-building-a-new-selinux-policy-module.html
Buy this article as PDF
“Xenial Xerus” comes with a new packages format and several improvements for the enterprise.
Linux users can now download and install the Windows code editor
New initiative will address security and interoperability concerns around container technology.
Developers can use RHEL as a development platform without a subscription fee.
Windows users will soon have native access to the Bash shell.
Improvements to SMTP will provide better guarantee of confidentiality
Graphics vendor embraces new reality in Linux graphics
Pioneer Ray Tomlinson bequeathed the @ sign to billions of Internet users
Redmond says its classic database tool will run without Windows
New intrusion technique affects most non-Bluetooth wireless mice