[ubuntu-hardened] list intro and SELinux
Stephen Carpenter, KSC
sjc at carpanet.net
Wed Oct 31 17:23:13 GMT 2007
On Tue, Oct 30, 2007 at 11:16:26PM -0400, Christer Edwards wrote:
> Now that the list is back alive and we've seen a bit of activity it
> might be a good idea for a few quick introductions so we know who
> we're working with and where the best skills lie.
> First off there are currently 302 subscribed members to this list
> which looks very promising. With this kind of group I'm sure we can
> get a lot done. If you'd like to volunteer any information about
> yourself ( I know, bad idea on a security list right ) it may help us
> leverage the best skillsets in the best places.
I used to be a Debian developer, but most of the packaging I have done
in the past few years has been under Solaris. I use RHEL on the servers
at work, and am the one who develops the builds and investigates new
I have been to RH SELinux training, and am quite comfortable dicking
around with policy. I ripped the targeted policy from a RHEL system and
got it to mostly work (load and not break anything anyway) under Ubuntu,
though that was a while back (edgy?)
Has anyone worked with it recently? IS there a targeted package that
isn't total junk? (last I tried, installing the ububtu/debian targeted
packages that I found it was a nightmare). It would be clutch to have a
common base to make improvments from both to make collaboration easier
and to make syncing with upstream easier.
As someone who drank the SELinux cool aide, I would like to see a source
package that is geared towards generating binary policy packages to
install, afterall, that is the SELinux model.... it should be the normal
mode of use.
Overall tho, I see this as more useful to servers than desktops or
laptops. Laptops especially are far better served by encrypted devices
and the like.
I am particularly interested in hearing experiences with using SELinux
in XEN domUs, as I see that as being where I would primarily do any work
"Society prepares the crime; the criminal commits it."
-- Henry Thomas Buckle
More information about the ubuntu-hardened