Language Selection

English French German Italian Portuguese Spanish

SELinux: Comprehensive security at the price of usability

Filed under
Linux

Operating system security revolves around controlling access. Linux distributions subscribe to the Discretionary Access Control (DAC) mechanism that lets resource owners decide who gets to access the resource and how. People soon realized that DAC is not an ideal solution, as it gives applications the same privileges of the user running them. One compromised application running as root effectively compromises the full system. This led security experts to develop Mandatory Access Control (MAC), which grants access to resources as defined by a security policy, regardless of the user running the application. The Security Enhanced Linux (SELinux) project is the first mainstream implementation of MAC.

The benefit of SELinux is twofold. First, it replaces the user-based model with a policy-centric model. Every action, like running an application or reading and modifying data, is controlled by a security policy. Actions that violate the policy are denied. Additionally, SELinux compartmentalizes the various applications and processes running on the system. This not only helps in isolating a break-in, but also confines the damage caused by one compromised service.

SELinux plugs into the Linux distribution through the Linux Security Module (LSM) hooks, which are available in the 2.6.x kernel series. LSM was designed to integrate security models to work with the kernel, instead of applying them as a patch.

Full Story.

More in Tux Machines

Terminal app appears in Chome OS Dev, hints at future Linux application support

Back in February, some commits to the Chromium codebase revealed that Chrome OS would soon run Linux applications using a container. While it has been possible for years to run Linux applications on top of Chrome OS using crouton, it's a hacky solution that only works in Developer Mode. Google's solution would presumably work better, and perhaps not require Dev Mode to be enabled. Read more

​What's the most popular Linux of them all?

Let's cut to the chase. Android is the most popular of all Linux distributions. Period. End of statement. But that's not the entire story. Still it must be said, according to StatCounter, Android is the most popular of all operating systems. By a score of 39.49 percent to 36.63 percent, Android beats out Windows for global personal device supremacy. Sorry Windows, you had a nice run, but between your smartphone failures and the PC decline, your day is done. But, setting Android aside, what's the most popular Linux? It's impossible to work that out. The website-based analysis tools, such as those used by StatCounter, NetMarketShare, and the Federal government's Digital Analytics Program (DAP), can't tell the difference between Fedora, openSUSE, and Ubuntu. DAP does give one insightful measurement the others sites don't give us. While not nearly as popular as Android, Chrome OS is more popular than all the other Linux-based desktops combined by a score, in April 2018, of 1.3 percent to 0.6 percent of end users. Read more

Android/ChromeOS/Google Leftovers

Games: SC-Controller 0.4.2, Campo Santo, Last Epoch and More