Revision as of 08:43, 15 June 2010
in ur webserver, writin ur logs: An example domain specific language for SELinux policy modifications, based on lolcats.
Joshua Brindle, Tresys
SELinux is often criticized for being overly complex. This is both fair and unfair. Type enforcement is very simple; the number of object classes and permissions is overwhelming; add in frameworks and userspace object managers and policy analysis and you've pretty easily gone over most of your users' heads.
CIL is an active project to design and implement an intermediary language for SELinux, which would allow the creation of high-level languages other than the current one. As an example use of CIL, I introduce the very limited and hilariously simple high-level language lolpolicy.
lolpolicy has a very simple and limited syntax, is used only for modifying policy (not for writing full policies), and should be easily grasped by the web-reading, email-forwarding, Facebook-updating masses.
The policy looks like:
I iz logwatch
in ur webserver readin ur logs
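To make the idea of compiling such a snippet down to CIL concrete, here is an added sketch (not lolpolicy's own code) that translates the two sample lines into a CIL `allow` statement. The grammar is inferred from those two lines only, and the vocabulary tables, the `writin` verb mapping, and the type names `logwatch_t` and `httpd_log_t` are assumptions in reference-policy style.

```python
import re

# Assumed vocabulary (hypothetical; the page does not define one). Type and
# class names follow reference-policy conventions.
DOMAINS = {"logwatch": "logwatch_t"}
OBJECTS = {("webserver", "logs"): ("httpd_log_t", "file")}
VERBS = {
    "readin": ("getattr", "open", "read"),
    "writin": ("append", "getattr", "open"),
}

SUBJECT = re.compile(r"I iz (\w+)")
ACCESS = re.compile(r"in ur (\w+) (\w+) ur (\w+)")


def translate(source):
    """Return the CIL allow statements for a lolpolicy snippet."""
    rules, domain = [], None
    for lineno, line in enumerate(source.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        subject = SUBJECT.fullmatch(line)
        if subject:
            domain = lookup(DOMAINS, subject.group(1), lineno)
            continue
        access = ACCESS.fullmatch(line)
        if access is None:
            raise ValueError(f"line {lineno}: cannot parse {line!r}")
        if domain is None:
            raise ValueError(f"line {lineno}: access line before 'I iz'")
        owner, verb, thing = access.groups()
        target, tclass = lookup(OBJECTS, (owner, thing), lineno)
        perms = " ".join(lookup(VERBS, verb, lineno))
        rules.append(f"(allow {domain} {target} ({tclass} ({perms})))")
    return rules


def lookup(table, key, lineno):
    # Fail closed: an unknown word is an error, never a guessed or wider grant.
    if key not in table:
        raise ValueError(f"line {lineno}: unknown term {key!r}")
    return table[key]


if __name__ == "__main__":
    # The two sample lines from the page.
    print("\n".join(translate("I iz logwatch\nin ur webserver readin ur logs")))
```

Because every noun and verb must appear in a reviewed table, a typo or an unfamiliar verb stops the translation instead of producing a rule nobody intended.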