Language Selection

English French German Italian Portuguese Spanish

SELinux: Comprehensive security at the price of usability

Filed under
Linux

Operating system security revolves around controlling access. Linux distributions subscribe to the Discretionary Access Control (DAC) mechanism that lets resource owners decide who gets to access the resource and how. People soon realized that DAC is not an ideal solution, as it gives applications the same privileges of the user running them. One compromised application running as root effectively compromises the full system. This led security experts to develop Mandatory Access Control (MAC), which grants access to resources as defined by a security policy, regardless of the user running the application. The Security Enhanced Linux (SELinux) project is the first mainstream implementation of MAC.

The benefit of SELinux is twofold. First, it replaces the user-based model with a policy-centric model. Every action, like running an application or reading and modifying data, is controlled by a security policy. Actions that violate the policy are denied. Additionally, SELinux compartmentalizes the various applications and processes running on the system. This not only helps in isolating a break-in, but also confines the damage caused by one compromised service.

SELinux plugs into the Linux distribution through the Linux Security Module (LSM) hooks, which are available in the 2.6.x kernel series. LSM was designed to integrate security models to work with the kernel, instead of applying them as a patch.

Full Story.

More in Tux Machines

Lenovo G50 & CentOS 7.2 MATE - Fairly solid

Is there a perfect track record for any which distro? No. Do any two desktop environments ever behave the same? No. Is there anything really good and cool about the MATE offering? Yes, definitely. It's not the finest, but it's definitely quite all right. You do get very decent hardware support, adequate battery life and good performance, smartphone and media support is top notch, and your applications will all run happily. On the other hand, you will struggle with Samba and Bluetooth, and there are some odd issues here and there. I think the Gnome and Xfce offerings are better, but MATE is not to be dissed as a useless relic. Far from it, this is definitely an option you ought to consider if you're into less-than-mainstream desktops, and you happen to like CentOS. To sum it all up, another goodie in the growing arsenal of CentOS fun facts. Enjoy. Read more

digiKam 5.2.0 is published...

After a second release 5.1.0 published one month ago, the digiKam team is proud to announce the new release 5.2.0 of digiKam Software Collection. This version introduces a new bugs triage and some fixes following new feedback from end-users. This release introduce also a new red eyes tool which automatize the red-eyes effect reduction process. Faces detection is processed on whole image and a new algorithm written by a Google Summer of Code 2016 student named Omar Amin is dedicated to recognize shapes and try to found eyes with direct flash reflection on retina. Read more

Games for GNU/Linux

Linux Graphics