Demystifying SELinux: WTF is it saying?

Dave Quigley (KEYW Corporation)
Operations
Location: E146
Average rating: ****.
(4.11, 9 ratings)
Slides:   1-ODP    external link

SELinux is a mandatory access control mechanism for Linux systems found in several main stream distributions. All those fancy security terms may be scary but in truth with a little bit of knowledge its possible to find out WTF SELinux is saying to you.The talk will provide an introduction to SELinux to help ordinary people understand basic SELinux concepts and deal with issues that may arise during the operation of an SELinux enabled system.

While more and more people are starting to do the legwork in understanding SELinux instead of turning it off right away it still seems like black magic to a great number of people. I’m here to let you know that with a little bit of time and a few simple commands already on your Linux machine you can begin to chip away at the SELinux’s hard shell and get to the creamy nougat of understanding in the middle.

In the talk I’ll first try to convince you that what SELinux does is important and that you shouldn’t turn it off. Next I will go over the basics of what SELinux is and how it decides to protect your system using a lovely audience member and an easy to understand exercise. Then i’ll briefly cover the tools available to you to be able to ask and answer the question “WTF is SELinux trying to tell me?” Finally i’ll show two examples of SELinux problems and fix them live in front of the audience with no safety netting.

At the end of the talk you’ll be flying high with your new understanding of SELinux and be ready to take on the world. Next time someone says SELinux instead of having that nauseous feeling in the pit of your stomach you’ll be able to stand tall and say “Wait a minute! I saw a talk on SELinux and I know WTF its saying to me!”

Photo of Dave Quigley

Dave Quigley

KEYW Corporation

David Quigley started his career as a Computer Systems Researcher for the National Information Assurance Research Lab at the NSA where he worked as a member of the SELinux team. David leads the design and implementation efforts to provide Labeled-NFS support for SELinux. David has previously contributed to the open source community through maintaining the Unionfs 1.0 code base and through code contributions to various other projects. David has presented at conferences such as the Ottawa Linux Symposium, the StorageSS workshop, LinuxCon and several local Linux User Group meetings where presentation topics have included storage, file systems, and security. David currently works as a Computer Science Professional for the Advanced Engineering and Development division at Keyw Corporation.

Sponsors

Sponsorship Opportunities

For information on exhibition and sponsorship opportunities at the conference, contact Sharon Cordesse at (707) 827-7065 or scordesse@oreilly.com.

Contact Us

View a complete list of OSCON contacts