Security Enhanced Linux UML instances --- an Introduction and recipe
Proposal details:
Abstract:

In this increasingly connected information age, a computer is of little use unless it is connected to the internet. It is equally true that any machine connected to the internet comes under attack, and increasingly so. One of the strongest defences available is Security Enhanced Linux from the NSA, with its mandatory access controls and policy-based security, which are layered on top of the discretionary access controls common to UNIX derivatives. A properly written mandatory access policy can be used to set up a sandbox for any program (including any and all internet-facing services), such that it cannot access resources or information unless expressly permitted. Unfortunately, setting up SELinux is not a task for the faint of heart, and the security policies currently extant are far from complete. This makes it almost impossible for most people to convert a working machine into a secure box, and raises the bar for anyone who just wants to casually try out SELinux. This paper sets out to address these deficiencies.

One possible solution is to use virtualization: instead of trying to convert a full-featured, working desktop into a secure platform (quite hard, in advance of Security Enhanced X), create a User Mode Linux virtual server running in strict mode. One of the advantages of running a UML is that we can create a read-only root_fs and use copy-on-write file systems, so that any changes can be quickly reverted even if someone discovers a flaw in the security policy and exploits it. Also, with UMLs the monitoring mechanisms are beyond the ken of the virtual machine, since they can run on the host machine, making them far harder to subvert.

There are a number of problems that novice users face when trying to use a UML instance. Firstly, the user-mode-linux package in Debian is showing signs of neglect and, secondly, it is not generally patched to support SELinux. Then there is the issue of determining a compatible set of sources, patches, and sources for the patches (though as more and more patches are accepted into the mainstream kernels, this is less of a problem than it used to be). Even when one has a proper /usr/bin/linux binary, there is the issue of finding a proper root file system to run the UML on. The root_fs creation tools in Sid also show signs of neglect, and even then one would need to install SELinux on these root file systems, which is often a frightening task in itself.

I propose to start with a recipe-based tutorial to create, firstly, a user-mode /usr/bin/linux executable, modified as needed to run SELinux (complete with an example configuration file), and a corresponding host kernel (with the separate kernel address space patch). The tutorial shall include a collection of links to where the latest patches are to be found, and a known good combination of such patches (hence, a recipe). Then we shall create a loopback root file system with a bare-bones standard Debian Sid install for use with the UML. A script shall be provided to automate this task, given a fast enough mirror; it shall also perform the common tasks required to make the system SELinux capable, including the initial security labelling of the file system and applying any patches to the security policy as required. Finally, we shall cover the various networking options for connecting the UML instance to the outside world.

If time permits, we shall explore how to create a secure DMZ/server mechanism, where the physical box only routes packets to the secure servers running SELinux, and the only internet-facing code runs in a MAC sandbox. We can also examine how one can use a SELinux UML and hostfs to create Debian packages for upload. This is like pbuilder, but better, since the isolation of the build environment and the monitoring of suspicious activity are far stricter.

Why should I be the one giving this talk? Well, I have been working with SELinux for a couple of years now, I maintain all but one of the SELinux-specific packages, I have been creating (and have set up an HTTP resource page for) SELinux UMLs for the last 5-6 kernel versions, and I have been using a SELinux build environment for my Debian packages for over a year now.
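The following script is an added illustration of the root_fs recipe sketched above; it is not the author's script and not part of the proposal. It shows the two points the abstract relies on: the image is labelled on the host before its first boot, because the guest will only ever see it read-only, and the guest's changes all land in a copy-on-write file that can simply be deleted to revert the machine. The image and COW file names, the image size, the mirror, the file_contexts path, the memory size and the tuntap host address are assumptions; the build step must be run as root on the host, and the boot step assumes a SELinux-capable UML binary is installed as linux.

```shell
#!/bin/sh
# Added illustration (not the author's script): build a loopback root_fs for a
# SELinux User Mode Linux guest, label it on the host while it is still
# writable, then boot it read-only behind a copy-on-write file that can be
# thrown away to revert the guest. File names, sizes, the mirror and the
# file_contexts path below are assumptions for the example.
set -eu

ROOT_FS=${ROOT_FS:-root_fs}            # read-only backing image
COW=${COW:-root_fs.cow}                # per-boot COW file; delete to revert
MNT=${MNT:-/mnt/uml_root}
MIRROR=${MIRROR:-http://ftp.debian.org/debian}
# file_contexts of the policy installed inside the guest image (assumed path).
FILE_CONTEXTS=${FILE_CONTEXTS:-$MNT/etc/selinux/strict/contexts/files/file_contexts}

# Create a sparse ext3 image of the given size in MiB and debootstrap a
# bare-bones Sid into it over the loop device.
make_rootfs() {
    dd if=/dev/zero of="$ROOT_FS" bs=1M count=0 seek="${1:-1024}"
    mke2fs -F -j -q "$ROOT_FS"
    mkdir -p "$MNT"
    mount -o loop "$ROOT_FS" "$MNT"
    debootstrap sid "$MNT" "$MIRROR"
}

# Label every inode from the host before the first boot: the guest mounts the
# image read-only, so there is no chance to relabel from inside it.
label_rootfs() {
    setfiles -r "$MNT" "$FILE_CONTEXTS" "$MNT"
    umount "$MNT"
    chmod 0444 "$ROOT_FS"
}

# Kernel command line for the guest. ubd0=<cow>,<backing> tells UML to write
# all block changes to the COW file (created on first boot if missing) and
# leave the backing image untouched; enforcing=1 boots straight into
# enforcing mode. The default network option is a tuntap device whose host
# side is 192.168.0.254 (assumed address).
uml_cmdline() {
    printf 'ubd0=%s,%s root=/dev/ubda mem=%s selinux=1 enforcing=1 %s\n' \
        "$1" "$2" "${3:-128M}" "${4:-eth0=tuntap,,,192.168.0.254}"
}

# Reverting the guest after a suspected policy bypass is just discarding the
# COW file; the next boot starts again from the pristine, labelled image.
revert_guest() {
    rm -f "$1"
}

case "${1:-}" in
    build) make_rootfs "${2:-1024}"; label_rootfs ;;
    revert) revert_guest "$COW" ;;
    boot)
        # shellcheck disable=SC2046
        exec linux $(uml_cmdline "$COW" "$ROOT_FS") ;;
esac
```

Run `sh uml_rootfs.sh build` once as root, then `sh uml_rootfs.sh boot` as an unprivileged user for each session; `sh uml_rootfs.sh revert` throws away everything the guest wrote. The other networking options the talk promises to cover plug into the same fourth argument of uml_cmdline, for example `eth0=daemon,,unix,/tmp/uml.ctl` for a uml_switch network or `eth0=slirp,,/usr/bin/slirp` for an unprivileged, NAT-style link.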
Authors:
Manoj Srivastava