Intro

[Temlakos]

Hello. I am an applications developer with an interest in building
secure systems.

As a former practicing pathologist, I believe I have a good set of
"clues" for developing a comprehensive accessioning and reporting
application for pathologists. This will necessarily use a database
server, plus database clients who might connect either on the same
machine or on different machines perhaps even on different sites. That
means that the database server must be exposed to the public Internet,
though I can certainly use iptables to limit access to a single
recommended port.

Obviously I'm considering SELinux as the base operating system for the
database server, and perhaps also for database client systems.

Next week I hope to have a new, experimental box on which I plan to
install Fedora Core 3 Test 3 (one test away from general release; how
buggy can it really be?) with SELinux switched on, in permissive mode to
start with, and hopefully to proceed to full enforcement mode. Is there
anything I need to know, beyond what I can glean from Fedora's FAQ or
the NSA's FAQ? Is the NSA's document on how to write SELinux policies
the best place to get started? What do I need to consider when building
and running a new application in an SELinux environment? Those of you
out there running SELinux in enforcement mode--do you have any insights
you can share with me?

Thanks in advance.

Temlakos