Language Selection

English French German Italian Portuguese Spanish

SELinux: Comprehensive security at the price of usability

Filed under
Linux

Operating system security revolves around controlling access. Linux distributions subscribe to the Discretionary Access Control (DAC) mechanism that lets resource owners decide who gets to access the resource and how. People soon realized that DAC is not an ideal solution, as it gives applications the same privileges of the user running them. One compromised application running as root effectively compromises the full system. This led security experts to develop Mandatory Access Control (MAC), which grants access to resources as defined by a security policy, regardless of the user running the application. The Security Enhanced Linux (SELinux) project is the first mainstream implementation of MAC.

The benefit of SELinux is twofold. First, it replaces the user-based model with a policy-centric model. Every action, like running an application or reading and modifying data, is controlled by a security policy. Actions that violate the policy are denied. Additionally, SELinux compartmentalizes the various applications and processes running on the system. This not only helps in isolating a break-in, but also confines the damage caused by one compromised service.

SELinux plugs into the Linux distribution through the Linux Security Module (LSM) hooks, which are available in the 2.6.x kernel series. LSM was designed to integrate security models to work with the kernel, instead of applying them as a patch.

Full Story.

More in Tux Machines

Eltechs Debuts x86 Crossover Platform for ARM Tablets, Mini-PCs

The product, called ExaGear Desktop, runs x86 operating systems on top of hardware devices using ARMv7 CPUs. That's significant because x86 software, which is the kind that runs natively on most computing platforms today, does not generally work on ARM hardware unless software developers undertake the considerable effort of porting it. Since few are likely to do that, having a way to run x86 applications on ARM devices is likely to become increasingly important as more ARM-based tablets and portable computers come to market. That said, the ExaGear Desktop, which Eltechs plans to make available next month, currently has some steep limitations. First, it only supports Ubuntu Linux. And while Eltechs said support for additional Linux distributions is forthcoming, there's no indication the product will be able to run x86 builds of Windows on ARM hardware, a feat that is likely to be in much greater demand than Linux compatibility. Read more

It's Elementary, with Sparks, and Unity

In today's Linux news Jack Wallen review Elementary OS and says it's not just the poor man's Apple. Jack Germain reviewed SparkyLinux GameOver yesterday and said it's a win-win. Linux Tycoon Bryan Lunduke testdrives Ubuntu's Unity today in the latest entry in his desktop-a-week series. And finally tonight, just what the heck is this Docker thing everybody keeps talking about? Read more

5 Linux distributions for very old computers

This is part 4 in a series of articles designed to help you choose the right Linux distribution for your circumstances. Here are the links to the first three parts: Which desktop environment should you use? 5 easiest to use Linux distributions for modern machines 5 easiest to use Linux distributions for older machines Some of you will have computers that are really old and none of the solutions presented thus far are of much use. This guide lists those distributions designed to run with limited RAM, limited disk space and limited graphics capabilities. Ease of use is sometimes comprimised when using the really light distributions but once you get used to them they are every bit as functional as a Ubuntu or Linux Mint. Read more

Open source software: The question of security

The logic is understandable - how can a software with source code that can easily be viewed, accessed and changed have even a modicum of security? opensource-security-question Open source software is safer than many believe. But with organizations around the globe deploying open source solutions in even some of the most mission-critical and security-sensitive environments, there is clearly something unaccounted for by that logic. According to a November 28 2013 Financial News article, some of the world's largest banks and exchanges, including Deutsche Bank and the New York Stock Exchange, have been active in open source projects and are operating their infrastructure on Linux, Apache and similar systems. Read more