Mar 16 - Hack Night: Understand or Write a Basic SELinux Policy

Understand or Write a Basic SELinux Policy
Brian Bouterse
Thursday, 16 March 2017 -
7:00pm to 9:00pm
Caktus Group, 108 Morris St, Suite 2 Durham, NC (Next to Bullseye Bicycle)
Street parking

Writing or maintaining an SELinux policy can be a daunting task if you've never done it before. In this hands-on workshop, you will learn how to create a basic SELinux policy. You will also learn to debug SELinux issues while designing or maintaining a SELinux policy. Contributing to SELinux is a great way to become more familiar with how it works and make open source computing more secure.

A rough outline of topics will include:

* Basic examples and compiling
* Using the M4 Macro Language (Reference Policy language)
* Debugging SELinux policy issues
* Contributing policies and fixes upstream with SELinux
* Packaging your policy
* Decompiling policies
* Where to get help

I wrote and maintain the SELinux policy for an open source project, Pulp, and want to share the experience I had writing it. With some guidance it can be fun. I'm assuming users have Fedora or RHEL, but we can probably figure it out on other distributions too.

Attendees are encouraged to come with a computer and a desire to contribute to an open source SELinux policy. If you bring software that does does not run within a SELinux context already you could write a basic policy for it. You can also learn more about an existing policy that you did not write. We can fix SELinux bugs and improve existing open source policies.

Brian Bouterse is a Principle Software Engineer at Red Hat and has been working with SELinux for roughly 3 years. He is a developer on Pulp and has written an SELinux policy for Pulp and fixed many SELinux issues along the way. He lives in Raleigh with his wife Katie and his cat Schmowee.