OLS 2008 SELinux Proposals for review and comments

Dave Quigley dpquigl at tycho.nsa.gov
Mon Jan 28 17:06:54 UTC 2008


Hello Everyone,
    I have put together a series of proposals for OLS this year which
include a talk on Labeled-NFS, an SELinux BOF, and an SELinux tutorial.
You will find them attached to this email. If you have any
questions, comments, and/or complaints, please feel free to make them.

Dave Quigley
-------------- next part --------------
BOF: NSA Security-Enhanced Linux (SELinux)
The NSA Security-Enhanced Linux (SELinux) BOF is intended to provide a
forum for people who are already working on SELinux or are interested in
learning about the project. The BOF will begin with a short presentation
that briefly describes the background and status of SELinux, reviews
recent developments, and discusses current directions for the project.  Then
the BOF will be opened for discussion, including questions and feedback from
developers and users.

Likely topics will include: policy development environment and
policy generation tools, SELinux administration, Distro integration, network
storage support and usability issues.
-------------- next part --------------
SELinux is the most widely deployed system for Mandatory Access Controls (MAC)
in Linux. Since its debut much has changed as distributions continue to add
functionality based on user feedback. Despite its growing availability some
people dismiss SELinux because it is "too hard." This tutorial addresses
these concerns by providing a basic understanding of SELinux and how to
accomplish common SELinux tasks.

Topics:
How SELinux Works
Enabling SELinux
Checking for Unconfined Daemons
Debugging SELinux Policy Errors
Using Booleans
SELinux Daemons and What They Do
Policy Development
Considering SELinux in your Development Process

Time: 4 hours
-------------- next part --------------
As the use of SELinux expands in Enterprise environments, customers are
requesting the ability to use SELinux with their NFS-based network storage.
The labeled-nfs project seeks to extend the NFSv4 protocol to provide a
generic mechanism for conveying process and file MAC security attribute
information for use by security mechanisms employed on the client and 
server.

In this paper we explore the design and implementation for the labeled-nfs
effort. We discuss why certain design decisions were made and what impact
they have on the implementation of NFS in the Linux kernel and NFS userland
infrastructure.  Finally we discuss how parts of the labeled-nfs
infrastructure can be used in other remote file systems.  

