The 2016 Linux Security Summit

I’m writing this post much later than intended, almost two months later to be honest. I had planned to write up my notes on the 2016 Linux Security Summit like I had done in previous years, but a combination of work, work travel, and my own vacation plans kept me from spending any time on this until now. Unfortunately, those two months have fuzzed away enough of the details that I think writing up my thoughts now wouldn’t be tremendously useful.

The good news is that we have recordings of all the presentations this year, a first for the Linux Security Summit. In case you haven’t seen the videos already, I’ve added them all to a YouTube playlist and put the link below. I’ve also provided a link to my presentation on the “State of SELinux”.

Lastly, I want to thank all the speakers, the program committee, and everyone who attended. In my opinion this was our best Linux Security Summit by almost every metric and I’m already looking forward to next year.

Flock and Bleeding Edge Kernel Testing

I’m on my way back home from my first Flock conference and I can say that I’m very happy I was able to attend. The talks were quite good, especially the presentations and demos around the Fedora Modularity effort, but as usual the real value was getting a chance to talk with other developers and contributors face to face.

At Flock I did give a presentation discussing some of the development kernel testing I’ve been doing over the past year with the SELinux and audit trees. The talk was recorded and once I have a link, I’ll update this post; in the meantime I’ve put a link to the slides (in PDF form) below. If you have any questions I’m always happy to talk over email/Twitter.

UPDATE: The Fedora Project’s video of the presentation has been linked below.

Linux 4.7 Released

Linux 4.7 was released almost two weeks ago, but due to some travel I haven’t had any time to write up the usual release notes. However, I did manage to find a few minutes, so without further delay I present to you the SELinux and audit highlights in the latest Linux Kernel major release.

SELinux

  • Add the ability to restrict kernel module loading via the new “system:module_load” permission.

  • Distinguish between the init and non-init user namespaces when performing capability checks. The init namespace uses the existing “cap” and “cap2” object classes while non-init user namespaces use “cap_userns” and “cap2_userns”.

  • Apply the “process:execstack” check to thread stacks allocated via mmap().

Audit

  • Add the terminal information to the LOGIN record via the “tty” field.
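As an added example (not code from the original post), here is a small Python parser for the audit key=value record format that shows where the 4.7 changes listed above surface in the log: the “tty” field of LOGIN records, and AVC denials against the new cap_userns/cap2_userns classes or the system:module_load permission. The sample records are constructed for illustration, not captured from a real system.

```python
import re

# Constructed sample records in the kernel audit key=value format (not from
# the original post). The LOGIN records carry the "tty" field added in 4.7;
# the AVC records exercise the cap_userns class and system:module_load
# permission that 4.7 introduced.
SAMPLE_LOG = """\
type=LOGIN msg=audit(1470000000.101:200): pid=2100 uid=0 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=pts0 old-ses=4294967295 ses=7 res=1
type=LOGIN msg=audit(1470000000.102:201): pid=2200 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=8 res=1
type=AVC msg=audit(1470000000.103:202): avc:  denied  { sys_admin } for  pid=2300 comm="unshare" capability=21 scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=cap_userns permissive=0
type=AVC msg=audit(1470000000.104:203): avc:  denied  { module_load } for  pid=2400 comm="insmod" scontext=system_u:system_r:kmod_t:s0 tcontext=system_u:system_r:kmod_t:s0 tclass=system permissive=0
"""

HEADER_RE = re.compile(r'type=(\w+) msg=audit\(([\d.]+):(\d+)\): (.*)$')
AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{ ([^}]*) \} for\s+(.*)$')
FIELD_RE = re.compile(r'(\S+?)=("[^"]*"|\S+)')

def parse_record(line):
    """Split one audit record into its type, serial and key=value fields."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    rec = {'type': m.group(1), 'serial': int(m.group(3))}
    body = m.group(4)
    if rec['type'] == 'AVC':
        a = AVC_RE.search(body)  # peel off the "denied { perms } for" prefix
        if a:
            rec['result'], rec['perms'], body = a.group(1), a.group(2).split(), a.group(3)
    rec.update((k, v.strip('"')) for k, v in FIELD_RE.findall(body))
    return rec

def login_ttys(records):
    """Map audit session id -> terminal from LOGIN records. Records written by
    kernels older than 4.7 have no tty field, so those map to None rather
    than to a misleading default."""
    return {r['ses']: r.get('tty') for r in records if r['type'] == 'LOGIN'}

NEW_CAP_CLASSES = {'cap_userns', 'cap2_userns'}

def flag_new_denials(records):
    """Return (serial, tclass, perms) for denials that hit the 4.7 checks:
    capability checks from a non-init user namespace, or module loading."""
    hits = []
    for r in records:
        if r['type'] != 'AVC' or r.get('result') != 'denied':
            continue
        tclass, perms = r.get('tclass'), r.get('perms', [])
        if tclass in NEW_CAP_CLASSES or (tclass == 'system' and 'module_load' in perms):
            hits.append((r['serial'], tclass, tuple(perms)))
    return hits

if __name__ == '__main__':
    recs = [parse_record(l) for l in SAMPLE_LOG.splitlines()]
    print(login_ttys(recs))
    print(flag_new_denials(recs))
```

Feeding real records from ausearch or /var/log/audit/audit.log works the same way, one record per line.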