SELinux is a mechanism that implements mandatory access controls in Linux systems. This article shows how to create an SELinux policy that confines a standard service: limit its network interfaces, restrict its system access, and protect its secrets. Mandatory access control: by default, unconfined processes use discretionary access controls (DAC). A user has all the permissions over its objects, for…
Ada Lee talks about OpenStack Security, Barbican, Novajoin, and TLS Everywhere in Ocata, at the OpenStack PTG in Atlanta, 2017.
This is a summary of the latest OpenStack design summit for the Vulnerability Management Team (VMT). The team's goal is to coordinate the progressive disclosure of vulnerabilities in OpenStack; the complete process is explained here: vmt-process. This team writes OpenStack Security Advisories (OSSAs). A look back at previous releases. Key numbers: Date, Release, Bug reports, OSSAs. Oct 17 2013, Havana…
Puppet is a key component in server deployment and configuration automation. When nodes are successfully provisioned by a Puppet master, they retrieve all sorts of data, some of which might be both confidential and critical. It is therefore mandatory to ensure that only authorized instances or nodes are allowed to retrieve such data. In today's elastic systems and cloud era, it…
During the summit in Atlanta, the Vulnerability Management Team gathered in a design session for the upcoming Juno cycle. What is the VMT? OpenStack, like any other piece of code, has and will have bugs. Those with security implications must be addressed in a special way, as they can lead to numerous nefarious consequences such as data loss, service interruption…