Top 10 SELinux Stories of 2007

    Date14 Jan 2008
    Posted ByBrittany Day
    2007 was an interesting year for SELinux. Many issues were important and gained exposure, but what did you, the reader have to say about the most important articles in SELinux? There are many ways to judge this and one of them is by listing the most popular articles as chosen by our readers over the course of the year, based on hits. It isn't the only answer, but certainly an interesting one.

    Click through to see the list of the Top SELinux stories on for 2007. Also: For a COMPLETE list of all the SELinux articles that have ever appeared on, go here Easy to follow and organized by year, it's one of many, many resources avaialable at with regards to SELinux.

    • #1: Don't Disable SELinux! (2007-06-25) - 3150 hits

      Josh Brindle commented on one of the most pressing issues with SELinux - that many companies decide to tell customers to disable it altogether instead of working through a different solution for a particular program. This was probably the most popular article of the year because SELinux still represents a strong learning curve and is still in a process of acceptance. When someone stakes a claim to not do what is likely common practice, chances are good people will want to know what they are saying.

      Bottom line: SELinux still has an aura of difficulty that convinces people to use the strategy of disabling the entire system. When Josh Brindle, an expert on the topic says "don't do this," people want to see if SELinux has evolved in a way that would replace this quick, easy and damaging strategy. Interestingly, the issue probably centers on the usability, not security effects, in disabling it.

      In other words, people are asking one main question above all others: Is the cost/benefit relationship of implementing SELinux changed? In this writers opinion, this has always been the biggest issue regarding SELinux, was the biggest issue for 2007, and will likely remain the critical issue in the year ahead.

    • #2: SELinux Constrains Samba Vulnerability (2007-06-01)- 3020 hits

      Samba is one of the most popular projects in open source. When there's a vulnerability that threatens it, and a solution exists that can contain the problem, people will be interested - 'Nuff said.

    • #3: SELinux Gets a Wiki (2007-05-18) - 2961 hits

      This addresses the usability issue. A Wiki can be an incredibly useful tool for learning about a program or application. If such a resource is created for SELinux especially on the popular Fedora distribution and the learning curve is still high, this should be no surprise.

    • #4: Secure Networking With SELinux (2007-05-31) - 2919 hits

      Another post coming from Josh Brindle. Again, he is one of the most visible experts on SELinux, and does a great job of addressing the most important issues in SELinux. Here, he addressed the recent improvements that came from the community and the differences between support in the early days and at the time of the article.

    • #5: Linus Torvalds on SELinux (2007-10-03) - 2757 hits

      Occassionally, the Linux Kernel Mailing list can get heated. In this instance, a discussion had started regarding whether or not LSM should remain the as the only security standard for the Kernel. As is sometimes the case, Linus Torvalds commented in a way that brought the comment some awareness. Whether or not Linus' reaction was taken out of context, the LSM issue is still an interesting one and harbors back on what strategy should drive Kernel security development. Are changes suggested because they are valuable? Or are they suggested because somebody wants to see something change? This friction (as can often be the case in any project) made it popular enough to make #5.

    • #6: Managing SELinux with SETools (2007-10-30) - 2374 hits A great article by James Turnbull, another seasoned developer in the world of SELinux. This overview covered SETtools; specifically, apol which Analyzes SELinux policies, sediff which performs diffs on SELinux policy, seaudit, which analyzes audit messages and sechecker which checks SELinux policy. A worthwhile HowTo on these tools that most people found useful, and therefore popular.

    • #7: Kernel Space: A Simplified Security Framework for Linux (2007-10-10) - 2149 hits

      This was yet another article covering LSM and SELinux and which should take precedence. Is SMACK (Simplified Mandatory Access Control Kernel) good enough to replace whats there? The issue was that, according to many, the current security module would relegate security as an afterthought because it would require so much work to be integrated. The net result, it was argued, was that the liklihood of being avoided would increase, and security wouldn't be as effective. A great article summing up many of the most pertinent issues.

    • #8: Is SELinux Really too Complex? (2007-09-28) - 2105 hits

      Apparently, the Kernel issue was one of the more pressing issues. This article again covers the LSM, SELinux issue, with another interesting and compelling take on the importance of security within the kernel and where SELinux exists as a result.

    • #9: A Step-by-Step Guide to Building a New SELinux Policy Module (2007-08-23)- 2085 hits

      If you want help with making a new module, this article covers it. Obviously, based on its place on this list, this is one of the better HowTo's for doing just that. Easy to follow and informative, no wonder it comes in as #9 for the most popular SELinux article for 2007.

    • #10: Samba/SELinux Policy (2007-11-14)- 2049 hits

      Rounding out our most popular SELinux articles of 2007 is the 2nd showing by SAMBA and SELinux. A great HowTo by none other Dan Walsh, SELinux expert over at Red Hat, its proof that SAMBA security is at the forefront of many users minds. What's that mean? That SELinux is probably going to be involved.

    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"15","type":"x","order":"1","pct":53.57,"resources":[]},{"id":"88","title":"Should be more technical","votes":"4","type":"x","order":"2","pct":14.29,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"9","type":"x","order":"3","pct":32.14,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350


    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.