Thanks to the 25 people who attended the April BBLISA talk by Dan
Walsh on "A fresh look at SELinux and what it is complaining about."
The talk started out with a brief review of security models and how
SELinux fits into the landscape. This was followed by a brief history
of SELinux and its usability improvements.
One takeaway: an application exploit on a system without SELinux means
the entire system must be rebuilt. When using SELinux, the system is
protected and only the files that the application is allowed access to
need to be audited/repaired. A local root compromise doesn't provide
any additional access with SELinux. The implications of this for cloud
and virtual machines: one compromised VM on a system not running
SELinux means all the VM's can be compromised. Common problems with
moving/symbolic linking files and how to relabel (SELinux is based on
labels) were discussed and the commands to relabel/preserve labels and
modify the rules using sesetbool and semanage were shown.
You can follow his blog at: danwalsh.livejournal.com
On Wednesday, May 9, 2012 at 7PM we are happy to have Martin Leach who
is the CIO of the Broad Institute talking about "What does a CIO do
The average job life of a CIO is about 2 1/2 years, it even comes with
the pleasant acronym of '*C*areer *I*s *O*ver'. The Broad Institute
just hired their first CIO, and will try to justify his existence at
this presentation and discussion.
My employers don't acknowledge my existence much less my opinions.