This repository has been archived by the owner on Aug 30, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 24
selinux 3.4 spec
Steve Jones edited this page Sep 6, 2017
·
3 revisions
The purpose of this feature is to implement a complete SELinux security policy for the core Eucalyptus Cloud services.
There are two reasons we're focusing on SELinux support for Eucalyptus at this time:
- Providing Mandatory Access Control to prevent damage when services are compromised. Services adhere to a strict security policy that cannot be modified by the user, as oppose to Discretionary Access Control (which is the typical type of access control found on Linux systems). MAC does not replace DAS, but is used in addition to it.
- There would no longer be a need to disable SELinux support.
All core services, which includes:
- Cloud Controller
- Cluster Controller
- Storage Controller
- Node Controller
- Walrus
- SAN Controllers (Equallogic, EMC, and NetApp)
- VMWare Broker
- There should be a single policy for the Eucalyptus core services
- All Java services on a host run within a single JVM instance
- Java service support should be enabled/disabled by use of SELinux booleans (run
semanage boolean -l
for a list of existing booleans)
- Java service support should be enabled/disabled by use of SELinux booleans (run
- We are really only concerned about types and type transitions
- Services will run as the
system_u
user with thesystem_r
role - Files will use the
system_u
user and theobject_r
role - Multilevel security (MLS) is also not necessary to consider
- Services will run as the
- Services should share as many types as possible as it makes sense (KISS)
The goal is to have a security policy that will run in permissive mode on an enforcing system. Chances are that something will be missed in the policy implementation, and we should not penalize the user for that by denying access to resources or hindering the functionality of their cloud services. As our first iteration, we will release the security policy as a _permissive_ policy that can be used to collect information from audit logs to further improve the policy.
tag:rls-3.4 tag:selinux
- Contact Info
- email: architecture@eucalyptus.com
- IRC: #eucalyptus-devel (freenode)
- Eucalyptus Links