oss-sec mailing list archives
Re: CoreOS membership to linux-distros (updated)
From: Stiepan <stie@itk.swiss>
Date: Fri, 21 Jul 2017 05:45:25 -0400
Back to CoreOS, I think that the practical answer is https://coreos.com/os/docs/latest/selinux.html . Now is it good / acceptable to rely on it (over classical Unix privileges, or another MAC) is actually an interesting, relatively unexplored research subject... What makes no doubt is that it is in line with the use made by Google of Linux, including in Android and therefore, very probably makes sense for Google. We lack some literature to back this choice for general-purpose use by the public at large, however. http://www.cse.psu.edu/~trj1/cse544-s13/slides/cse544-selinux.pdf and https://www.ibm.com/developerworks/library/l-selinux/ * provide good starting points for such research; (public) research seems to have stopped since then (= more or less in 2009 apparently)†. *With pointers to some alternatives in Linux and other operating systems, likewise many references †The first presentation cites www.isoc.org/isoc/conferences/ndss/09/pdf/16.pdf, which provides an analysis of MAC mechanisms' (remote) attack surface. A more recent, Android-centered presentation (http://kernsec.org/files/lss2015/vanderstoep.pdf) cites Wikipedia, stating that "[...] the security of an SELinux system depends primarily on the correctness of the kernel and its security-policy configuration", further highlighting the lack of in-depth research. (the emphasis / bold typeface on the second part of the sentence was left as in the original quote) I guess the question now is - do we trust Wikipedia articles on such matters? - and if we do, was the correctness in question attained in CoreOS's case? Likewise, could we somehow measure / quantify a level of this correctness using a formal method? (and if so, what about generalizing it to other OS + xAC pairs so as to evaluate their suitability for specific use cases, target demographics, likewise threat models?) Stiepan P.S.: Full disclosure - I have an interest in finding a secure, yet broadly compatible enough OS. CC-ing Martin Decky, who was 1st to propose a formal approach to it.
-------- Original Message -------- Subject: Re: [oss-security] CoreOS membership to linux-distros (updated) Local Time: July 20, 2017 7:04 PM UTC Time: July 20, 2017 7:04 PM From: jesse_hertz () apple com To: oss-security () lists openwall com Additionally, Docker doesn"t maintain a kernel distribution, whereas OpenVZ does, making this request strange to say the least. I also think its disingenuous to imply there"s "one patch" that divides a secure containerization system from another. Container/Kernel security is... quite complicated to say the least.On Jul 20, 2017, at 6:42 AM, Greg KH <greg () kroah com> wrote: On Thu, Jul 20, 2017 at 07:13:03AM +0300, gremlin () gremlin ru wrote:On 2017-07-18 14:56:23 -0700, Euan Kemp wrote:I???ve listed each criterion and why I think we, the Container Linux team at CoreOS, qualify.1. Be an actively maintained Unix-like operating system distro with substantial use of Open Source componentsAll components of the distro are open source, as are all the tools used to build it.Prior to any decision to be made, I"d ask you to show the kernel patch which you use to avoid escaping from the container to host system (Docker allows such escape, OpenVZ does not). Could you, please, show it?All of CoreOS"s kernel patches are public, here"s their latest branch: https://github.com/coreos/linux/tree/v4.12.2-coreos But what does a specific kernel patch have to do with linux-distro"s membership requirements? confused, greg k-h
Stiepan Aurélien Kovac IT Kovac + itk AVtobvS Sàrl Geneva + Jussy, Geneva CH
Current thread:
- CoreOS membership to linux-distros (updated) Euan Kemp (Jul 18)
- Re: CoreOS membership to linux-distros (updated) Kees Cook (Jul 18)
- Re: CoreOS membership to linux-distros (updated) gremlin (Jul 20)
- Re: CoreOS membership to linux-distros (updated) Greg KH (Jul 20)
- Re: CoreOS membership to linux-distros (updated) Jesse Hertz (Jul 20)
- Re: CoreOS membership to linux-distros (updated) Stiepan (Jul 21)
- Re: CoreOS membership to linux-distros (updated) Nicolas RUFF (Jul 21)
- Re: CoreOS membership to linux-distros (updated) Greg KH (Jul 20)
- Re: CoreOS membership to linux-distros (updated) Solar Designer (Jul 31)
- Re: CoreOS membership to linux-distros (updated) akuster (Aug 01)
- Re: CoreOS membership to linux-distros (updated) Solar Designer (Aug 01)
- Re: CoreOS membership to linux-distros (updated) Johannes Segitz (Aug 02)
- Re: CoreOS membership to linux-distros (updated) Solar Designer (Aug 02)