[Tails-dev] Mandatory Access Control, SELinux and Tails

Delete this message

Reply to this message
Author: Andreas Kuckartz
Date:  
To: The Tails public development discussion list
Subject: [Tails-dev] Mandatory Access Control, SELinux and Tails
Is anybody currently working on adding Mandatory Access Control to Tails?

Any strong opinions regarding possible solutions?

See
https://tails.boum.org/todo/Mandatory_Access_Control/

I would suggest to start with SELinux in "permissive" mode and
incrementally adapt the policy so that in a later stage - when no
"access denied" warnings occur while using Tails - "enforcing" mode can
be switched on.

The main effect of that change probably would be on the build process
because the initial file labeling takes some time and requires a reboot.

I have some experience with SELinux and Debian unstable which might
help, but installing the relevant SELinux packages and enabling
permissive mode is quite straightforward (at least in Debian unstable ;-).

Cheers,
Andreas