Rejoice, for the days when your only choice for enhanced security in the Linux kernel was SELinux are coming to an end. Learn how the AppArmor and Smack security modules are filling needs that SELinux isn't so well suited for. Learn about new security modules like Landlock that are taking 21st century approaches to modern security concerns. Find out about a set of smaller security modules that do all sorts of interesting things, from general process tags to strengthening chroot. With all that to think about, you'll be exposed to the efforts to combine and compose security modules. The talk wouldn't be complete without relating all this to containers and virtualization. Nor would it be fair to leave out advances in the Audit and Capabilities features. Finally, no discussion of Linux kernel security would be complete without something about efforts to harden it and fix exploitable flaws.
Casey Schaufler worked on Unix kernels in the 1970s-90s. He has implemented access control lists, mandatory access control, extended filesystem attributes, X11 access controls, network protocols and more audit systems than is really healthy. His involvement in Linux began with the Linux Security Module work at the turn of the century, introducing the Smack LSM in 2007. Casey is reworking the LSM infrastructure to support multiple concurrent modules. He has spoken at LCA, OLS, and many venues.