Entire Security Conference Forgets What SELinux Is or Does

By madumlao

Silicon Valley, US - in an informal Security Hackfest, an entire breakout session of security experts seems to have forgotten what SELinux is or does.

“Operating system enforced isolation would be good,” said speaker Matt Dewey, referencing the recent Intel security bugs.

“Isn’t that SELinux?” said a voice from the crowd, which Matt characterized as “not entirely sure”.

After a couple minutes of clamor, though, it seemed as if nobody actually was “entirely sure” of the answer.

“I then asked ‘Does anyone actually know how to use SELinux?’. Everyone mumbled something about ‘setenforce 0’.”

setenforce 0, however, was the command to turn SELinux off. For everyone in the conference, it seems to have been their only interaction with SELinux.

When asked what SELinux is or does, most respondents shrugged or gave non-committal answers.

“Something to do with security I think.”

“It breaks some scripts.”

“You need to turn it off to install things.”

None of the security experts were keen on reading the man pages, however, citing security vulnerabilities in the man command.