LinuxSecuritySummit2010/Abstracts/Brindle lolcats
Revision as of 08:44, 15 June 2010
Title
in ur webserver, writin ur logs: An example domain specific language for SELinux policy modifications, based on lolcats.
Author
Joshua Brindle, Tresys
Abstract
SELinux is often criticized for being overly complex. This is both fair and unfair. Type enforcement is very simple; the number of object classes and permissions is overwhelming; add in frameworks and userspace object managers and policy analysis and you've pretty easily gone over most of your users' heads.
CIL is an active project to design and implement an intermediary language for SELinux, which would allow the creation of high-level languages other than the current one. As an example use of CIL, I introduce the very limited and hilariously simple high-level language lolpolicy.
lolpolicy has a very simple and limited syntax, is only used for modifying policy (not writing full policies), and should be easily grasped by the web-reading, email-forwarding, Facebook-updating masses.
The policy looks like:
I iz logwatch
in ur webserver
readin ur logs