[Security-sig] PEP 551: Security transparency in the Python runtime
Steve Dower
steve.dower at python.org
Fri Aug 25 16:23:53 EDT 2017
On 25Aug2017 1058, Christian Heimes wrote:
> Here is a simplified and partial example for a simple Python
> 'myservice'. When the service is started by the init system, the process
> automatically transitions into the myservice_exec_t domain.
>
> [SNIP]

I feel like the piece I'm missing is what needs to be added to the
CPython source to make this all work. (As with auditd - when Nick
pointed it out to me I wasn't comfortable until I found a sample using
audit_open().)

> We can talk about SELinux during the sprint. If you like either Nick,
> Victor, or I could contact some engineers from SELinux (Dan) and Linux
> auditing team (Paul, RGB) here at Red Hat.

I'm very keen for as many platform-specific proofs of concept as
possible. The more people who are thinking "if I had this information
available, what would I do with it?" the better.

Cheers,
Steve