I've uploaded the slides from essentially all of the talks I've given to Slideshare. This is likely more useful than my previous strategy of dumping them in a directory and leaving the rest up to search engine bots.

Click here for the full list of slides. They are all published under the Creative Commons attribution share-alike license ( Read more... )

I mean, SLUGs...

Paul Wayper gave a couple of talks on SELinux at this weeks' SLUG meeting, and includes links to a couple of very useful slide decks:

• SELinux for Everyday Users
• SELinux for SysAdmins

The sysadmin slides look particularly useful, as they focus on solving common issues such as running FTP/SAMBA/Apache servers, and provide some very ( Read more... )

Here's an update on the major changes to the kernel security subsystem for the 2.6.30 kernel.

• TOMOYO
  The TOMOYO security framework from NTT was merged. This is the first significant LSM scheme to be merged since SELinux in 2003. TOMOYO is characterized by its targeting of non-technical users, where security policy is automatically generated with ( Read more... )

Just a reminder for SELinux developers and anyone interested in the internals of SELinux that the SELinux Developer Summit CfP closes on July 1st, which is about a week away.


( Read more... )

sVirt (MAC security for Linux Virtualization), which I've previously discussed here, and formally presented at LCA in January, was released today as an integral part of virtualization in Fedora 11.


( Read more... )

Dan Walsh recently introduced SELinux sandbox. This is a mechanism for launching untrusted applications from the command line, which uses a strict MAC policy to isolate the executed application from the rest of the system. There's been a good discussion of the topic LWN, and I thought it might be worth highlighting a few points ( Read more... )

Several Linux security events are planned in association with LinuxCon this year in Portland, Oregon.

• 2009 SELinux Developer Summit
  The CFP for this event has just been published. The developer summit will be held on the 20th of September as an ancillary event of LinuxCon. This is a one-day event, and developers are encouraged to submit proposals ( Read more... )

( Read more... )

The sVirt code has now been merged into the upstream libvirt repository (git mirror). Thanks to Dan Walsh for taking on the remaining userspace development, and Daniel Berrange and the rest of the libvirt folk involved for reviewing and improving the code ( Read more... )

With the recent news of multiple vulnerabilities in Adobe flash and PDF software, folk running Fedora 10 may wish to consider using SELinux to confine browser plugins.

Dan Walsh has previously implemented SELinux lockdown for browser plugins via nspluginwrapper, as discussed here. Unfortunately, this has been disabled by default, due to a clash ( Read more... )