Linux Foundation

Smack Reference Policy: Creating a Rule Set for Linux Distributions

Linux Foundation via YouTube

Overview

Explore the development of a Smack reference policy in this 45-minute conference talk by Casey Schaufler, author of the Simplified Mandatory Access Control Kernel (Smack) Linux security module. Learn about Smack's functionality, its differences from SELinux and AppArmor, and the ongoing effort to create a reference set of Smack rules for a major Linux distribution. Discover the three-domain approach to threat protection, the process of selecting a target distribution, and the challenges faced in implementing the policy. Gain insights into Smack's built-in and specified access rules, access modes, and quirks. Understand the reference threat model, tooling considerations, and the proposed simple configuration for various system components. Engage with the project's current state, identified challenges, and future work required for distribution integration.

Syllabus

Intro
Simplified Mandatory Access Control Kernel
Compared To SELinux
Compared To AppArmor
Smack is not a privilege system
Built In Smack Access Rules
Specified Smack Access Rules
Access Modes
Access Quirks
The Reference Threat
Complications
Choosing A Use Case
Tooling Considerations
Choosing A Distribution
The Three Domain Model
Toolbox
What Accesses Are Unwanted?
Simple Configuration
Transmuting Directories
var/lib/apt
Graphically
With Implicit Access
With Privileged Access
And Shared Data
To Consider
Work To Be Done For The Distribution

Taught by

Linux Foundation
