In the last few weeks, there have been three significant events in the adoption of SELinux and Type Enforcement. They’re all exciting, and each is a testament to the long-term success and viability of the TE approach. Even more exciting, though, is the fact that none of these announcements came from Red Hat. After carrying the flag for so long, it’s gratifying to see other communities join the effort to make serious security a standard feature in general-purpose operating systems.
First, Sun has announced that they will be porting Flask to OpenSolaris in cooperation with the NSA, calling it Flexible Mandatory Access Control, or FMAC. If this sounds familiar, it should - it’s very similar to the deal NSA and Red Hat struck in 2004, when SELinux was just gaining interest from a broad audience.
While Sun obviously isn’t working on SELinux, they’ll be taking Type Enforcement, the theory behind SELinux, and bringing it to the OpenSolaris project. This is gratifying to Red Hat, of course, as this is significant endorsement of the TE approach. The work will be in OpenSolaris and not Solaris proper, and it’s not clear how the Flask work will be ported from OpenSolaris to Solaris, but nevertheless I’m sure I speak for everyone on the SELinux team at Red Hat in welcoming Sun to the fold.
Second, SELinux is now available on the new Ubuntu release, Hardy Heron. In the past, SELinux has been stigmatized by being a "Red Hat" thing, or a "Fedora" thing, even though Gentoo and Debian have incorporated it in the past. With the addition of another high-profile distribution, that seems to be changing.
Third, the good people at Tresys and the rest of the SELinux team have released a new Reference Policy for SELinux. This new policy adds a very exciting new feature: support for XACE/XSELinux. In other words, the framework is now in place to label an OpenOffice document window as "Company Confidential" or "Secret," and enforce rules around how data in that window can be used. At the same time, Red Hat has contributed support for a number of new features, including confined users, so you can say "let this person log in, but don’t let them run X Windows or use the network," or "let this staff member log in, but only let him manage the web server." Imagine how useful it would be to have these features and that kind of protection in every Linux distribution. Even private sector customers can appreciate how useful it could be for HIPPA or SOX compliance.
Viewed from a distance, I think there are a few reasons for this sudden surge in interest:
First, SELinux is now much easier to use that it’s been in the past. Customers I talk to have moved from "It’s a pain, I always turn it off" to "I know I should use it, I’ll get to it eventually." That’s a non-trivial improvement, due in no small part to the outstanding work done by Dan Walsh and the rest of the Red Hat team on tools like setroubleshoot.
Second, SELinux is slowly moving out of the narrow government market and into more general-use applications. As more security risks emerge, and the tools become more flexible and useful, folks see the utility of securing and compartmentalizing their systems. Vendors and distributions are responding with a tested and proven security solution like SELinux, and Type Enforcement generally.
Third, in the government space, it’s becoming clear that TE is the only way to accurately and securely model the complex interactions between agencies and coalition partners. Trusted Solaris 8, the 800 pound gorilla in this market, is near the end of its useful life. The upgrade path to Solaris 10 Trusted Extensions is less than simple. For many use cases, especially those involving a large number of security enclaves, Solaris 10 and its Zones-based approach simply can’t do the job. Customers are hungry for more straightforward alternative that can support even complex use cases, and they’re all taking a long hard look at SELinux.
So, I’m proud that Red Hat has taken a leadership role in this field. We have been a visible cheerleader for TE and SELinux for years, and it’s gratifying to see the community grow. With luck, the Fedora, OpenSolaris, and Debian communities can all work together, each learning from the other’s mistakes, and ultimately deliver the best and most flexible security available. That way, everyone wins.