Upcoming Conference Talks on SELinux Applications: sVirt and Kiosk Mode

LinuxSecurity.com: Recently, I've been busy getting the initial cut of sVirt out, and am currently processing community feedback before issuing an update. The basic idea behind sVirt is to apply MAC label security (SELinux, Smack etc.) to Linux-based virtualization schemes such as KVM, allowing the existing OS-level security mechanisms to be re-used for process-based VMs. This is an application one of the core advantages of Linux-based virtualization, where generally, all of the Linux process management infrastructure within the kernel and wider OS may be applied to domains which run inside Linux processes. Would you agree that we don't need to modify the kernel security mechanism for MAC label security? Read on for more information.

Related Items