Re: Detail description of some projects in TO DO list page

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Stephen Smalley <sds@tycho.nsa.gov>
To: nguyen thai <thai.bkset@gmail.com>, selinux@tycho.nsa.gov
Subject: Re: Detail description of some projects in TO DO list page
Date: Wed, 12 Feb 2014 09:17:44 -0500	[thread overview]
Message-ID: <52FB8288.1080004@tycho.nsa.gov> (raw)
In-Reply-To: <CACBeRbb2fZCWgH93aJ61nfkCCZoJSG3aeaW=9ODSccVXzRQ9xg@mail.gmail.com>

On 02/11/2014 09:24 PM, nguyen thai wrote:
> Hi everyone,
> 
> I have started my study in SELinux recently. I found some projects in TO DO
> list page were really interesting. Can anyone give me more details (what's
> problem now? it's effects or drawbacks) of one of following projects or any
> other projects that i can start to work on?
>  - Investigate security policy for cgroups
>  - CIFS support for single-context clients
>  - Real device labeling and access control
> 
> Thank you very much.

That TODO list is old and not actively maintained, so it may be better
to look at recent mailing list archives to see areas where you can
contribute most effectively.  Also look for recent discussions of
selinux in the linux-security-module and linux-kernel mailing list archives.

On the cgroup item, it should be possible to support finer-grained
labeling of cgroup files now that cgroup supports xattrs, but it will
require a small kernel change (similar to the changes previously made
for sysfs and rootfs; need to generalize that), and thereby enabling
policy control over specific cgroup files.  There may also be work
required inside the cgroup code to add security hooks and permission
checks for MAC; that would require analysis of the cgroup
implementation, existing DAC checks, ways in which they can permit
different security labels to interact/interfere with each other, etc.

next prev parent reply	other threads:[~2014-02-12 14:17 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-02-12  2:24 Detail description of some projects in TO DO list page nguyen thai
2014-02-12 14:17 ` Stephen Smalley [this message]
2014-03-10  7:31   ` nguyen thai
2014-03-10 21:45     ` Paul Moore
2014-03-11 13:00       ` Daniel J Walsh
2014-03-12  3:09         ` nguyen thai
2014-03-12 12:18           ` Daniel J Walsh

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=52FB8288.1080004@tycho.nsa.gov \
    --to=sds@tycho.nsa.gov \
    --cc=selinux@tycho.nsa.gov \
    --cc=thai.bkset@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.