| Main Archive Page > Month Archives > selinux archives |
Life cycle process for building products with selinux
From: Alan Rouse <alan.rouse_at_nospam>Date: Wed May 05 2010 - 14:22:00 GMT
To: "selinux@tycho.nsa.gov" <selinux@tycho.nsa.gov>
I'm not sure where to ask a question like this but I bet someone on the list will know...
Are there any guidelines or "best practices" for building products with selinux? (Think network appliances for example.) I have in mind life cycle tasks such as
- Software development: Where in the software development cycle do you introduce selinux? Should application developers have to develop on a system confined by selinux? Is selinux policy maintenance a software development task, or a separate phase in the development cycle?
- System integration: Is this where selinux is first turned on?
- QA testing: should QA testing include selinux-specific penetration testing? Any guidelines or examples of how this is done? Any tools?
- Who in the development organization needs selinux expertise?
- Are there services that can certify the MAC rules for the operating system? For the product application?
- Any selinux-specific guidance for customers who install the protected appliance?
- Impact on the process for upgrades and patches because of selinux. What not to do... for example, turning off selinux to apply a patch. How to configure a properly confined user for applying patches.
- Organizational policy to complement a properly designed system (separation of duties; physical security; etc).
- War stories, lessons learned... or anything of the sort
Thanks
Alan
-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.