ITpro EXPO2008, Day 3

Today, the final day of the EXPO, is also the submission deadline for OLS2008.

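On the Shonan-Shinjuku Liner from Yokohama to Osaki, I was thinking about what to submit. I had been thinking about it every day until now without being able to pull it together, but I began to feel that I could finally give it shape.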

After arriving at the venue, I left the booth duties to Kumaneko-sensei as before, opened my Vista laptop, and worked on the text. I managed to submit one BOF and one Paper.

BOF: MAC for Linux, Time to Glean

The meaning and the importance of MAC are almost shared among Linux users. Among the number of UNIX descendants, Linux is distinguished by its security framework, LSM, and the renowned "in-tree" module, SELinux. However, a number of people are disabling SELinux, and SELinux has been the single client of LSM, which was intended to encourage other MAC solutions for Linux.

A huge number of messages have been posted to LKML. But it is hard to find "agreements" and "conclusions" in the archive. This is mainly because people are speaking from their own project's perspective. How can we make progress without having an acknowledged comparison chart for existing projects?

I'd like to propose that MAC people meet and talk about it. We may not reach agreement soon, but at the very least we should try to summarize the issues. For that purpose, OLS is the only place to meet.

Paper: Practical MAC Issues: Lessons learned from TOMOYO Linux Project

As we all know, a "real" life with Linux is adventurous. Nothing but experience can save administrators' lives. Regarding MAC (Mandatory Access Control) implementations, "installation" tasks are merely the tip of the iceberg. The real issues live in an administrator's daily life. The most typical example of a real issue is system updating *after* enabling MAC: how not to prevent the updating processes from doing their jobs, and how to reduce the administrators' burden of policy updates to reflect the resulting system changes.

Since the first release of TOMOYO Linux, the project has been confronting those *real* issues and trying to improve usability. TOMOYO Linux's per-domain MAC mode change and interactive policy definition functionality are examples of the results. While the implementations are bound to pathname-based MAC, the issues are common to any MAC, including SELinux. In this paper, we will introduce the issues we found and how we solved them.

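Kumaneko-sensei apparently submitted two as well, so that makes four. The next deadline is ELC2008. Even so, the acceptance notification for FOSDEM2008 (2/23) still has not arrived.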