LinuxSecuritySummit2010/Abstracts/Brindle lolcats

From Linux Security Wiki (obsolete)

Latest revision as of 09:57, 15 June 2010

Title

in ur webserver, writin ur logs: An example domain specific language for SELinux policy modifications, based on lolcats.

Presenter

Joshua Brindle, Tresys

Abstract

SELinux is often criticized for being overly complex. This is both fair and unfair. Type enforcement is very simple; the number of object classes and permissions is overwhelming; add in frameworks and userspace object managers and policy analysis and you've pretty easily gone over most of your users' heads.

CIL is an active project to design and implement an intermediary language for SELinux, which would allow the creation of high-level languages other than the current one. As an example use of CIL, I introduce the very limited and hilariously simple high-level language lolpolicy.

lolpolicy has a very simple and limited syntax, is only used for modifying policy (not writing full policies) and should be easily grasped by the web-reading, email-forwarding, Facebook-updating masses.

The policy looks like:

I iz logwatch
     in ur webserver
     readin ur logs
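
An added illustration, not part of the abstract and not the lolpolicy implementation: one way a statement like the one above could be lowered to a CIL allow rule. The abstract does not define the grammar or its mapping, so the lookup tables that resolve `logwatch`, `webserver`, `logs`, `readin` and `writin` to types and permissions are assumptions made for this sketch.

```python
import re

# Assumed lookup tables (not from the abstract): how this sketch resolves
# lolpolicy words to SELinux types, object classes and permission sets.
SUBJECTS = {"logwatch": "logwatch_t"}
OBJECTS = {("webserver", "logs"): ("httpd_log_t", "file")}
VERBS = {
    "readin": ("read", "open", "getattr"),
    "writin": ("append", "open", "getattr"),
}

# Assumed statement shape: "I iz SUBJECT / in ur PLACE / VERB ur THING".
STATEMENT = re.compile(
    r"^\s*I iz (?P<subject>\w+)\s+in ur (?P<place>\w+)"
    r"\s+(?P<verb>\w+) ur (?P<thing>\w+)\s*$"
)


class LolPolicyError(ValueError):
    """Raised when a statement cannot be resolved; no rule is emitted."""


def lower_to_cil(statement: str) -> str:
    """Translate one statement into a single CIL allow rule."""
    match = STATEMENT.match(statement)
    if match is None:
        raise LolPolicyError("not a lolpolicy statement")
    try:
        source = SUBJECTS[match["subject"]]
        target, obj_class = OBJECTS[(match["place"], match["thing"])]
        perms = VERBS[match["verb"]]
    except KeyError as unknown:
        # Fail closed: an unrecognised word never widens the policy.
        raise LolPolicyError(f"unknown word: {unknown}") from None
    return f"(allow {source} {target} ({obj_class} ({' '.join(perms)})))"


# The statement shown in the abstract, copied as sample input.
SAMPLE = """I iz logwatch
     in ur webserver
     readin ur logs"""

if __name__ == "__main__":
    print(lower_to_cil(SAMPLE))
```
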