SELinux now integrated into
Enterprise Linux 4

Corporations today are challenged with keeping system downtime to a minimum. This, of course, means keeping their security at a maximum. The National Security Agency (NSA) and the Linux community have combined efforts to solve this growing problem. Their solution: Security-Enhanced Linux (SELinux).

SELinux was introduced in Fedora™ Core 2, continued to improve in Fedora Core 3, and is now fully integrated into Red Hat® Enterprise Linux® 4. Red Hat supports the development of SELinux and is included along with seven Red Hat developers on the NSA's list of SELinux contributors: Russell Coker, Ulrich Drepper, Steve Grubb, Roland McGrath, James Morris, Dan Walsh, and Colin Walters.

Additional contributors from Red Hat include:

• Jeff Johnson: Added SELinux support to RPM. allowing RPM to set file context at install time. Overall design.
• Jeremy Katz: Modified Anaconda to seamlessly install SELinux and configure packages, policy fixes, design.
• Harald Hoyer: udev integration
• Joe Orton: Apache Policy Work
• Bill Nottingham: Initscripts integration, overall design
• Nalin Dahyabhai: pam, MAKEDEV integration, Kerberos, Telnet, rlogin, rsh policy. Overall design.
• QA: testing
• Release engineering: building and testing integration
• Countless engineers who run and test it every day

SELinux Symposium

The very first Security-Enhanced Linux Symposium is scheduled for March 2-4, 2005 in Silver Springs, Maryland. The keynote speaker will be Daniel G. Wolf, Director of the Information Assurance Directorate at the NSA.

Red Hat is an event sponsor. In addition, Russell Coker, James Morris, Dan Walsh, and Colin Walters from Red Hat will be speaking at the SELinux Symposium.

Russell Coker will be hosting the hands-on tutorial Installing and Administering an SELinux System for system administers and developers. He will demonstrate how to install SELinux, perform basic administration and configuration, and explain the differences between Fedora Core's targeted and strict policy.

James Morris will be hosting the Architecture of SELinux Network Access Controls technical session. Implementing network access control via SELinux and future SELinux network development will be discussed.

Dan Walsh will be delivering the technical session Targeted vs Strict Policy History and Strategy. After Fedora Core 2 was released, it was quickly realized that the targeted policy was not suitable for all users. Dan will address the question of targeted versus strict policy and the evolution of targeted policy.

Colin Walters will discuss SELinux and the Linux Desktop in his technical session. Using SELinux to combat the threat of automated worms is the focus.

Further reading

For more information on SELinux:

• Russell Coker's article in Issue 1 of the magazine
• Filesystem Labeling in SELinux
• SELinux: A New Approach to Secure Systems