An overview of Linux security features (Linux.com)

Kernel security subsystem maintainer James Morris has posted an overview of Linux security features on the Linux.com site. "A simpler approach to integrity management is the dm-verity module. This is a device mapper target which manages file integrity at the block level. It's intended to be used as part of a verified boot process, where an appropriately authorized caller brings a device online, say, a trusted partition containing kernel modules to be loaded later."

An overview of Linux security features (Linux.com)

Posted Jul 16, 2013 12:54 UTC (Tue) by glaesera (subscriber, #91429)

Good overview of Linux security features. One can learn that a large number of different competing technologies exist.
By using combinations of two of these, the security standard will be very high to insanely high, but not all combinations make sense.
Concerning SELinux, it is probably sufficient for most people when they know how to turn this off. If one spends time configuring it, he/she will be a part of the NSA community, dealing with their ways of operational thinking and organisation structure.

An overview of Linux security features (Linux.com)

Posted Jul 16, 2013 13:02 UTC (Tue) by raven667 (subscriber, #5198)

I'm not sure if that was intended to be a joke, but SELinux is a computer technology, not a brainwashing technique, and it's not that hard to understand or configure given the existence of SETroubleshoot and the high quality of the default policies that ship with the system. The SELinux policy looks a lot like a firewall rule set to me, with programs, files and syscalls instead of hosts, ports and protocols.

An overview of Linux security features (Linux.com)

Posted Jul 16, 2013 16:00 UTC (Tue) by dpquigl (subscriber, #52852)

Sadly I don't believe he/she was joking. The number of articles I've seen lately about the NSA putting back doors into Linux and Android with SELinux and SEAndroid show a large amount of ignorance and a complete lack of trust in the open source development model. I'd like to write them off as crackpots but unfortunately those who aren't knowledgeable in the area take articles like this with some level of truth and it can be seen in comments given on the articles.

Copyright © 2013, Eklektix, Inc.