THIS TUTORIAL HAS REQUIREMENTS AND INSTRUCTIONS LISTED BELOW
Building on last year’s critically acclaimed “Demystifying SELinux: WTF is it saying?” talk Demystifying SELinux Part II: Who’s policy is it anyway? is an extended tutorial which has attendees work through real life examples of SELinux configuration and policy construction. Whether you attended last year’s “Demystifying SELinux: WTF is it saying?” talk or not the tutorial will give you the know how to tackle SELinux head on and use it in your production environments.
While more and more people are starting to do the legwork in understanding SELinux instead of turning it off right away it still seems like black magic to a great number of people. I’m here to let you know that with a little bit of time and a few simple commands already on your Linux machine you can begin to chip away at the SELinux’s hard shell and get to the creamy nougat of understanding in the middle.
In the tutorial we cover what SELinux does why it is important and why you shouldn’t turn it off. Next we address the basics of what SELinux is and how it decides to protect your system using a lovely audience member and an easy to understand exercise. Then attendees will work through real life examples to discover the tools available to you to be able to bend SELinux to your will and get a feel for what it is doing on your system. The attendees will then work through problem scenarios learning how to identify and fix issues associated with SELinux. Finally the attendees will be given a file transfer client and server and shown how to construct policy for this daemon. This will help attendees begin to understand policy construction allowing them to apply these concepts to their own in-house developed tools.
At the end of the talk you’ll be flying high with your new understanding of SELinux and SELinux Policy and be ready to take on the world. Next time someone on your DEVOPS team says just turn SELinux off you’ll say “No! I got this. I took that Tutorial at OSCON and I can figure this out!”
TUTORIAL REQUIREMENTS AND INSTRUCTIONS FOR ATTENDEES
* To make the most out of the session a system with CentOS 6.5 will be useful. The session provides hands on experience with SELinux so getting your hands dirty is a must.
* The Centos 6.5 install should consist of the base graphical install along with the packages listed below which provide SELinux policy tools, the SELinux SLIDE package for eclipse and other tools required for the labs.
QUESTIONS for the speaker?: Use the “Leave a Comment or Question” section at the bottom to address them.
David Quigley making a return appearance to OSCON after his “Demystifying SELinux: WTF is it saying?” talk started his career as a Computer Systems Researcher for the National Information Assurance Research Lab at the NSA where he worked as a member of the SELinux team. David leads the design and implementation efforts to provide Labeled-NFS support for SELinux. David has previously contributed to the open source community through maintaining the Unionfs 1.0 code base and through code contributions to various other projects. David has presented at conferences such as the Ottawa Linux Symposium, the StorageSS workshop, LinuxCon and several local Linux User Group meetings where presentation topics have included storage, file systems, and security. David currently works as a Computer Science Professional for the Operations, Analytics and Software Development (OASD) Division at Keyw Corporation.
Comments on this page are now closed.
For exhibition and sponsorship opportunities, contact Sharon Cordesse at firstname.lastname@example.org
For information on trade opportunities with O'Reilly conferences contact email@example.com
For media-related inquiries, contact Maureen Jennings at firstname.lastname@example.org
View a complete list of OSCON contacts