LinuxSecuritySummit2010/Abstracts/Brindle lolcats

From Linux Security Wiki (obsolete)
Revision as of 08:43, 15 June 2010 by JamesMorris (Talk | contribs)


in ur webserver, writin ur logs: An example domain specific language for SELinux policy modifications, based on lolcats.


Joshua Brindle, Tresys


SELinux is often criticized for being overly complex. This is both fair and unfair. Type enforcement itself is very simple, but the number of object classes and permissions is overwhelming; add in frameworks, userspace object managers and policy analysis, and you've pretty easily gone over most of your users' heads.

CIL is an active project to design and implement an intermediary language for SELinux, which would allow the creation of high-level languages other than the current one. As an example use of CIL, I introduce the very limited and hilariously simple high-level language lolpolicy.

lolpolicy has a very simple and limited syntax, is only used for modifying policy (not writing full policies), and should be easily grasped by the web-reading, email-forwarding, Facebook-updating masses.

The policy looks like:

    I iz logwatch
        in ur webserver
        readin ur logs
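
To show how a statement like the one above could be lowered to a CIL allow rule, here is an added sketch that is not part of the original abstract and not Tresys code. The three-line grammar is inferred from the single sample, and the lookup tables (the type names `logwatch_t` and `httpd_log_t`, and the permission sets behind each verb) are assumptions chosen for illustration.

```python
import re

# Assumed lookup tables (not from the abstract): lolpolicy nouns mapped to
# reference-policy style type names, verbs mapped to file permissions.
DOMAINS = {"logwatch": "logwatch_t"}
OBJECTS = {("webserver", "logs"): ("httpd_log_t", "file")}
VERBS = {
    "readin": ("read", "open", "getattr"),
    "writin": ("append", "open", "getattr"),  # assumption: logs are append-only
}

# Constructed input, copied from the sample policy on this page.
SAMPLE = """I iz logwatch
    in ur webserver
    readin ur logs"""


class LolPolicyError(ValueError):
    """Raised for anything the translator does not explicitly understand."""


def parse(text):
    """Parse 'I iz X / in ur Y / <verb> ur Z' into its four terms."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) != 3:
        raise LolPolicyError("expected exactly three statements")
    patterns = (r"I iz (\w+)", r"in ur (\w+)", r"(\w+) ur (\w+)")
    m = [re.fullmatch(p, ln) for p, ln in zip(patterns, lines)]
    if not all(m):
        raise LolPolicyError("unrecognized statement")
    return {"subject": m[0].group(1), "where": m[1].group(1),
            "verb": m[2].group(1), "what": m[2].group(2)}


def to_cil(text):
    """Translate one lolpolicy statement into a CIL allow rule.

    Fails closed: an unknown domain, object or verb raises instead of
    producing a rule, so a typo can never widen the policy.
    """
    r = parse(text)
    try:
        source = DOMAINS[r["subject"]]
        target, cls = OBJECTS[(r["where"], r["what"])]
        perms = VERBS[r["verb"]]
    except KeyError as e:
        raise LolPolicyError(f"unknown term: {e}") from None
    return f"(allow {source} {target} ({cls} ({' '.join(perms)})))"
```

Calling `to_cil(SAMPLE)` yields one allow rule in CIL's s-expression form; a verb missing from the table is rejected rather than mapped to a default permission set.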