OpenStack Cloud Security

You're reading from OpenStack Cloud Security: Your OpenStack cloud storage contains all your vital computing resources and potentially sensitive data – secure it with this essential OpenStack tutorial

Product type Paperback
Published in Jul 2015
Publisher
ISBN-13 9781782170983
Length 160 pages
Edition 1st Edition
Author (1):
Fabio Alessandro Locati
Table of Contents (9 chapters)

Preface
1. First Things First – Creating a Safe Environment
2. OpenStack Security Challenges
3. Securing OpenStack Networking
4. Securing OpenStack Communications and Its API
5. Securing the OpenStack Identification and Authentication System and Its Dashboard
6. Securing OpenStack Storage
7. Securing the Hypervisor
Index

sVirt – SELinux and virtualization


Security-Enhanced Linux (SELinux) is a Linux module originally developed by the United States National Security Agency (NSA) in 1998; it has been part of the main Linux kernel since version 2.6.0, in August 2003. Since then, Red Hat, Secure Computing Corporation, and many other companies have helped improve it.

SELinux implements a mandatory access control (MAC) architecture directly in the Linux kernel, limiting user access to all resources: files, network devices, or any other kind of resource. SELinux integrates with the standard UNIX discretionary access control (DAC) system but works differently: it does not recognize root as a privileged user, nor does it honor the shortcuts built to get around security limitations in the UNIX DAC (for example, the setuid and setgid mechanisms). To identify who can do what, each resource has an SELinux context that looks like this:

system_u:object_r:httpd_sys_content_t:s0

It is composed of a user (system_u), a role (object_r), a type...
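The context format above, carried into this section's sVirt topic as an added example (not code from the book): it parses labels, allowing for a level field that itself contains colons, and checks that each guest's process and disk image carry the same MCS categories and that no two guests share a set. The guest names and the svirt_t / svirt_image_t labels are constructed samples, and the per-guest category pairing is background on sVirt that this excerpt does not state.

```python
from collections import namedtuple

# level is the MLS/MCS field, e.g. "s0" or "s0:c87,c520"
Context = namedtuple("Context", "user role type level")

def parse_context(label):
    """Split user:role:type:level; the level may itself contain ':'."""
    parts = label.strip().split(":", 3)
    if len(parts) != 4 or not all(parts):
        raise ValueError(f"not a full SELinux context: {label!r}")
    return Context(*parts)

def categories(level):
    """Expand the MCS categories of one level: 's0:c1,c5.c7' -> {1, 5, 6, 7}."""
    if "-" in level:
        raise ValueError(f"level ranges are not handled: {level!r}")
    out = set()
    for item in filter(None, level.partition(":")[2].split(",")):
        lo, _, hi = item.partition(".")
        if not lo.startswith("c") or (hi and not hi.startswith("c")):
            raise ValueError(f"bad category in {level!r}")
        out.update(range(int(lo[1:]), int(hi[1:] if hi else lo[1:]) + 1))
    return frozenset(out)

def audit(guests):
    """Return findings for guests whose process/image labels break isolation."""
    findings, seen = [], {}
    for name, (proc_label, image_label) in guests.items():
        proc, image = parse_context(proc_label), parse_context(image_label)
        cats = categories(proc.level)
        if not cats:
            findings.append(f"{name}: process has no MCS categories")
        elif cats != categories(image.level):
            findings.append(f"{name}: image categories differ from process")
        elif cats in seen:
            findings.append(f"{name}: shares categories with {seen[cats]}")
        else:
            seen[cats] = name
    return findings

# Constructed sample labels (not taken from a real host).
GUESTS = {
    "vm-a": ("system_u:system_r:svirt_t:s0:c87,c520",
             "system_u:object_r:svirt_image_t:s0:c87,c520"),
    "vm-b": ("system_u:system_r:svirt_t:s0:c87,c520",
             "system_u:object_r:svirt_image_t:s0:c520,c87"),
    "vm-c": ("system_u:system_r:svirt_t:s0:c3,c9",
             "system_u:object_r:svirt_image_t:s0:c3,c10"),
}
print("\n".join(audit(GUESTS)))
```

On a live host the labels would come from `ps -eZ` for the qemu processes and `ls -Z` for the disk images.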
