<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.28.3">
</HEAD>
<BODY>
Ah, wandering minds...yes the bells are metaphorical (can I use a big word this early in the morning?) and my attire is quite opaque to be sure. Is it live or is it Memorex? How can you have any pudding if you don't eat your meat?<BR>
<BR>
Back on topic....<BR>
<BR>
SELinux was giving me some very minor issues with regard to Chrome (or perhaps I should state it the other way around) a while back but I believe that updates to Chrome worked that out. As I drive Fedora and am planning on finishing-out my home server with a Redhat type (CentOS or Startcom -- heck maybe I'll even spring for the single users license for RH); I for one welcome the chance to get all I can on SELinux at a meeting. : )<BR>
<BR>
Oh, and, yes...the ring is not only on my finger but in my head...as in ringing ears. I wish I could answer them....(hehehe)<BR>
<BR>
Rich in Lilburn<BR>
<BR>
-----Original Message-----<BR>
<B>From</B>: Geoffrey <<A HREF="mailto:Geoffrey%20%3clists@serioustechnology.com%3e">lists@serioustechnology.com</A>><BR>
<B>Reply-to</B>: Atlanta Linux Enthusiasts - Yes! We run Linux! <ale@ale.org><BR>
<B>To</B>: Atlanta Linux Enthusiasts - Yes! We run Linux! <<A HREF="mailto:Atlanta%20Linux%20Enthusiasts%20-%20Yes!%20We%20run%20Linux!%20%3cale@ale.org%3e">ale@ale.org</A>><BR>
<B>Subject</B>: Re: [ale] October meeting topic - SELinux<BR>
<B>Date</B>: Thu, 26 Aug 2010 07:14:34 -0400<BR>
<BR>
<PRE>
Jim Kinney wrote:
> um. I was hoping for something a bit more opaque .
REALLY BIG bells strategically placed?
>
> On Wed, Aug 25, 2010 at 4:21 PM, Greg Clifton <<A HREF="mailto:gccfof5@gmail.com">gccfof5@gmail.com</A>
> <<A HREF="mailto:gccfof5@gmail.com">mailto:gccfof5@gmail.com</A>>> wrote:
>
> Maybe rings on his toes?
>
>
> On Wed, Aug 25, 2010 at 4:12 PM, Jim Kinney <<A HREF="mailto:jim.kinney@gmail.com">jim.kinney@gmail.com</A>
> <<A HREF="mailto:jim.kinney@gmail.com">mailto:jim.kinney@gmail.com</A>>> wrote:
>
> hopefully the bells will be joined with other attire.
>
> On Wed, Aug 25, 2010 at 3:29 PM, Richard Faulkner
> <<A HREF="mailto:rfaulkner@34thprs.org">rfaulkner@34thprs.org</A> <<A HREF="mailto:rfaulkner@34thprs.org">mailto:rfaulkner@34thprs.org</A>>> wrote:
>
> I second that on "anything" that could be covered in 90-120
> minutes. I know "zilch"
> about SELinux so have a fertile mind for new information on
> the topic. I would be
> there with bells on....
>
> Rich in Lilburn
>
>
>
> -----Original Message-----
> *From*: Michael B. Trausch <<A HREF="mailto:mike@trausch.us">mike@trausch.us</A>
> <<A HREF="mailto:%22Michael%20B.%20Trausch%22%20%3cmike@trausch.us">mailto:%22Michael%20B.%20Trausch%22%20%3cmike@trausch.us</A>%3e>>
> *Reply-to*: Atlanta Linux Enthusiasts - Yes! We run Linux!
> <<A HREF="mailto:ale@ale.org">ale@ale.org</A> <<A HREF="mailto:ale@ale.org">mailto:ale@ale.org</A>>>
> *To*: Atlanta Linux Enthusiasts - Yes! We run Linux!
> <<A HREF="mailto:ale@ale.org">ale@ale.org</A>
> <<A HREF="mailto:Atlanta%20Linux%20Enthusiasts%20-%20Yes%21%20We%20run%20Linux%21%20%3cale@ale.org">mailto:Atlanta%20Linux%20Enthusiasts%20-%20Yes%21%20We%20run%20Linux%21%20%3cale@ale.org</A>%3e>>
> *Subject*: Re: [ale] October meeting topic - SELinux
> *Date*: Tue, 24 Aug 2010 13:49:58 -0400
>
> On Tue, 2010-08-24 at 11:14 -0400, Jim Kinney wrote:
> > I have informed Aaron I will give a meeting in October on SELinux. I
> > am tinkering with SEPostgres - yes, that's SELinux extensions for
> > PostgreSQL! - and wanted a feel for interest, i.e. how far down the
> > rabbit hole should I look at for the talk?
> >
> > NOTE: My talks are notoriously long - I think the last one was 90
> > minutes - and this one will likely be no different.
> >
> > I'm looking at an overview of SELinux and how to work with it, uses of
> > the multi-level, multi-category security model (much more than the
> > "strict" mode) and a practical example of a database using it natively
> > (along with the process of patch -n- build, etc).
>
> I, for one, would be interested in anything that you can reasonably
> cover in a 90 to 120 minute window, even if I have to read 120,000 words
> of text afterwards to understand it all. :-)
>
> That said, here are a few things that I can think of that I would like
> to know:
>
> * WRT implementing SELinux on an existing system, is there some method
> of determining what rules would be good to implement by scanning the
> system?
> * Is there a method of remote management of SELinux rules?
> * Can it do things like require that a cryptographic key is used to
> access a system over a username and password, particularly for
> privileged operations?
> * Along the same lines as the last question, how high-level can
> SELinux requirements get?
> * Is it worthwhile for use in a small network (< 5 servers)?
> * Is it useful inside of virtual machines (for example, are there
> SELinux "namespaces" that can be used inside of something like LXC
> so that all that has to happen for SELinux to work in the containers
> is to have the SELinux modules loaded on the host?
> * Assuming that the last question is answered in the affirmative,
> is it also possible to have SELinux used on the host to do something
> like say "VMs can do whatever, bound by their own SELinux policies,
> as long as they don't break out into the host system?"
>
> I could probably ask 100 questions, but these are the biggest ones that
> I can think of that I would like answers to (or pointers to answers to).
>
>         --- Mike
>
> _______________________________________________
> Ale mailing list
> <A HREF="mailto:Ale@ale.org">Ale@ale.org</A> <<A HREF="mailto:Ale@ale.org">mailto:Ale@ale.org</A>>
> <A HREF="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</A>
> See JOBS, ANNOUNCE and SCHOOLS lists at
> <A HREF="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</A>
>
>
>
> _______________________________________________
> Ale mailing list
> <A HREF="mailto:Ale@ale.org">Ale@ale.org</A> <<A HREF="mailto:Ale@ale.org">mailto:Ale@ale.org</A>>
> <A HREF="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</A>
> See JOBS, ANNOUNCE and SCHOOLS lists at
> <A HREF="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</A>
>
>
>
>
> --
> --
> James P. Kinney III
> I would rather stumble along in freedom than walk effortlessly
> in chains.
>
>
>
> _______________________________________________
> Ale mailing list
> <A HREF="mailto:Ale@ale.org">Ale@ale.org</A> <<A HREF="mailto:Ale@ale.org">mailto:Ale@ale.org</A>>
> <A HREF="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</A>
> See JOBS, ANNOUNCE and SCHOOLS lists at
> <A HREF="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</A>
>
>
>
> _______________________________________________
> Ale mailing list
> <A HREF="mailto:Ale@ale.org">Ale@ale.org</A> <<A HREF="mailto:Ale@ale.org">mailto:Ale@ale.org</A>>
> <A HREF="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</A>
> See JOBS, ANNOUNCE and SCHOOLS lists at
> <A HREF="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</A>
>
>
>
>
> --
> --
> James P. Kinney III
> I would rather stumble along in freedom than walk effortlessly in chains.
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Ale mailing list
> <A HREF="mailto:Ale@ale.org">Ale@ale.org</A>
> <A HREF="http://mail.ale.org/mailman/listinfo/ale">http://mail.ale.org/mailman/listinfo/ale</A>
> See JOBS, ANNOUNCE and SCHOOLS lists at
> <A HREF="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</A>
</PRE>
<BR>
</BODY>
</HTML>