codeblog code is freedom — patching my itch

May 29, 2010

Linux Security Summit 2010

Filed under: Blogging,Debian,Security,Ubuntu,Ubuntu-Server — kees @ 5:22 pm

The Call For Participation is open for the 2010 Linux Security Summit, being held just before this year’s LinuxCon.

If you’re interested in helping make Linux more secure, you’ve got ideas to present, want to have your opinion heard, or generally just want to hang out, please join us and/or suggest a topic for discussion (CFP ends June 4th, so please hurry).

I’m hoping to get a chance to discuss what I’m calling the “popular kernel hardening patches” which appear in a lot of distros yet remain missing from the upstream Linux kernel.

© 2010, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 License.
CC BY-SA 4.0


  1. AppArmor please. While SELinux might be great by design, the centralized policy management approach does not really work well for a large project like Debian/Ubuntu and custom software. And writing an SELinux policy is not easy. You need to be a SELinux guy to write the policy.

    On the other hand, MACs like TOMOYO and AppArmor are very promising in their decentralized approach, provide more control to the user and take a phase wise approach towards MAC security. AppArmor, being more mature, should actually be included in the upstream kernel.

    Comment by Ritesh Raj Sarraf — May 30, 2010 @ 11:52 pm

  2. Well, this summit isn’t about picking a single LSM — it’s more about Linux security in a general sense, like creating infrastructure for LSMs to use, or adding new protections that no one has considered yet, etc.

    Comment by kees — May 31, 2010 @ 10:07 am

  3. The wiki seems to have been down all day, so here’s a link to the email announcement that has the email address to send proposals to:


    Comment by spender — May 31, 2010 @ 5:06 pm

Powered by WordPress