[ubuntu-us-ut] SELinux Support in 8.04

Bob thenetduck at gmail.com
Wed Mar 19 18:52:30 GMT 2008

Im Sold,

Tell me how to help bug and ill be all over it. I will have to run in in
VMware though. (100% ubuntu and don't wanna mess with my main machine) 

The Net Duck
On Wed, 2008-03-19 at 12:11 -0600, Christer Edwards wrote:
> On Wed Mar 19, 2008 at 11:57:16AM -0600, BJ Cardon wrote:
> > Can you sell us SELinux for those of us unfamiliar with it?
> > 
> > BJ
> SELinux is secure. Apparmour (default) is not ;)
> http://en.wikipedia.org/wiki/SELinux
> http://www.nsa.gov/selinux/
> basically SELinux babysits a targeted list of processes on your machine
> and makes sure they behave.  It can be thought of as pre-emptive
> security for vulnerabilities that aren't even discovered yet.
> Example:
> Apache gets a vulnerability and an attacker tries to force the process to
> serve content from /etc (probably a bad idea).  SELinux refers to a
> security context list and smacks Apache upside the head for trying to
> read files it shouldn't. Apache is never able to server the private
> content.
> Apparmour, which is the default in Ubuntu & SUSE, tries to do something
> similar but its implementation is not as granular and easier to bypass.
> Plus, Apparmour was maintained by a small group at Novell.. and then
> Novell fired them, so it has a very small un-funded support base.
> SELinux is actively developed by Redhat, the NSA and a number of
> companies nationwide.
> Christer

More information about the ubuntu-us-ut mailing list