So, I did a brief unscientific survey regarding SELinux with my
colleagues. The idea here is to work out what people see wrong or right
with SELinux and when documentation is done what should our focus or
priorities be in regards to it?
To give you a bit of background, respondents are all above average
technically Linux experienced who work for a hosting company offering
amongst other things Linux based solutions of some sort either
pre-packed or bespoke. All the people I asked have a procedural approach
to security (not the type of thing tagged onto the end of a project line
of thinking) and in general are open to security advice.
Attached is the PDF document with the questions I asked - you'll have to
forgive my decorating abilities!
The questions I asked could be wrong, the people I'm asking might not be
the "average" sample we could do with and admittedly the sample is way
So firstly on with the questions I asked and why I asked them:
If you installed Fedora regarding SELinux would you
a) Disable it on install
b) Permissive on install
c) Enforcing on install
The point with this question is to really just gauge what
feelings are with it "out of the box". Do they run it or do they not and
how does that compare with their ideas for the questions I asked below.
Why would you choose that option?
So the idea behind this question was to find out what they liked or
disliked about SELinux which was enough of a motivator for them to turn
it on or turn it off or disable it completely.
Specifically what is SELinux meant to do?
Really what I wanted to find out here is what the people would consider
SELinux as being able to achieve for them as well as a brief
understanding of how much they know about SELinux.
Out of five, (five being very sufficient, 0 being completely
insufficient) where would you put standard UNIX permissions (rwx,
setuids and acls) for security on a machine? First for desktops second
This question was meant to gauge the person's understanding of DAC and
how they pit against the current major security threats, i.e. "Do you
find DAC is sufficient enough for securing your server".
From the data this is my analysis but my opinions are pretty biased as
I already know all these people anyway. I'd love people's feedback.
None of the respondents had any insight into the pros/cons of DAC or
All the respondents saw SELinux as a fine grained access control
The more respondents understood about SELinux the more they were likely
to enable it.
Currently servers would benefit from SELinux more than Desktops would.
So from the very limited feedback I've got I would say:
People's understanding of why MAC in some fashion is necessary is limited
or non-existent. There should probably be some good argumentative cases
for why DAC is not able to adequately contain a security breach or
threat and what SELinux MAC is ready to do about it. Perhaps a wiki page
that explains what DAC and MAC is - giving examples, what the current
security trends and threats are against your systems and what both can /
cannot do to mitigate them.
People envision SELinux as an access control system. Documentation on
type enforcement (perhaps with examples analogous to DAC) would be
In addition personally I would say most sysadmins are totally missing
fundamental security understandings (what is a subject, what is an
object, what is DAC, what is MAC, etc.) and this means they are unable to
appreciate what SELinux is trying to accomplish. Also I believe
sysadmins do not consider containment of a security breach and spend
much of their effort attempting to prevent it in the first place.
Well, that's probably more than I can prune on the whole thing I've got.
I might be perhaps looking way too much into the information I have and
would recommend people make up their own minds based off of the
information I supplied.
The goal here is to find out what people's vision of SELinux is (either
right or wrong) and what can be done to help correct it.