In the aftermath of the SELinux Symposium, tons of stuff has been released. (It’s only a pity it wasn’t released earlier. ;-))

For example MITRE has released polgen 1.3. The web page doesn’t tell much yet (as usual documentation is what SELinux is missing most…), but the Slides from the symposium explain what it’s about.

I think polgen can probably do at least as much as AppArmors genprof (which I havn’t seen a screenshot of in action yet).

There are more SELinux power tools coming up, easier policy languages and so on. Do also visit the Symposium website and check out the other slides and presentations to see what’s going on.

The polgen tool might also (like much of the other ways to write a secure policy, instead of learning the policy 100% automatically) be a good way to check applications for intended behaviour. Such things can turn up lots of weird stuff, for example the sshd trying to write to /etc/krb5.conf on a system with kerberos uninstalled, but this config file present.