Quick update

I am one of Jim Gettys’ Jedi mind trick victims, with a record breaking answer of ten seconds when asked how long I thought it takes for Linux to wake up from suspend-to-ram. Out by a mere four orders of magnitude. It’s always good to remember: never assume anything, and don’t be a guesser.

I usually write up some notes on all the SELinux changes in a new kernel release, but I’ve been a little busy with RHEL5 coming up, and the notes for 2.6.18 will have to wait a while. I’m happy, though, to see that secmark (reworked SELinux network controls, integrated with iptables) went in.

The FOSS.IN/2006 CFP is open for another week. I’ve submitted a couple of talks and hope to attend one way or another. Due to a change of venue, I don’t think there’ll be cows walking around the conference this year, but you can’t have everything. It’s a truly amazing event, and I’d say it ties with LCA as favorite Linux conference.

Jeff Waugh linked to an interesting presentation blog, which features an inspired Darth Vader vs. Yoda example, which is itself a great example of presentation “zen”.

There’s a week left, too, on the SELinux Symposium 2007 CFP. A lot of great work has been done on usability and developer tools during the year, and the symposium will be an useful opportunity to see how the project has advanced overall and where its heading.

Erich Schubert has been keeping the SELinux effort in Debian moving forward; and SELinux itself, with Debian leading the deployment of auto-configuring modular policy. (Note: see comments for more details on this). As one of my sparc boxes is running Debian, I hope to get it updated to a development version and have a closer look at what’s happening there. If you’re interested in SELinux on Debian, see the project page.

The BSD securelevels LSM has finally been terminated.

In an ideal world, I’d love to see more of the Linux security development community rally around SELinux, rather than be split across various projects. Aside from believing that SELinux is the right model on a fundamental level, with its policy-flexibility and complete coverage of security-relevant interactions in the kernel, it takes a lot of work to make the transition from DAC to MAC in a general purpose operating system. It’s such a hard problem that it’s never succeeded before, and I guess I see SELinux as the big opportunity to nail it; with the availability of the OS source code, a global developer team and a solid architecture based on decades of research by the NSA — all of the building blocks are there.

Competing ideas are of course essential, but it’s one thing to convert a research idea into an LSM and publish some papers; and quite another to build developer, user and academic communities, to continually evolve the software on every level, and to support many tens of millions of users across several widely deployed OSs, in environments ranging from consumer telephones, to Internet servers, through to operational systems protecting national security and all manner of amazing things that I wouldn’t be able to talk about, even if I knew about them.

So, it’s not that I think BSD securelevels or some other security project is a bad thing (although, honestly, some are not so wonderful), it’s a matter of what’s practical and suitable for inclusion in the mainline Linux kernel. To make an analogy from the networking world: it’s good that things like STREAMS exist, and that people have done real work on things like TCP offload engines, but it doesn’t mean that they belong in the mainline Linux kernel.