Hi Jose,
Long time no see ;-) Few updates and info that may be useful: - updated security wiki, with some more Tizen 3.0 information (Tizen 3.X section): https://wiki.tizen.org/wiki/Security https://wiki.tizen.org/wiki/Security/Tizen_3.X_Overview - document states: "Despite that such feature exists, Tizen/v3 doesn't implement netfiltering." Even though its not currently integrated with the platform, we've actually just finished implementing that (kernel & netfilter upstream patches to get full security context of packets and a "nether" module in userspace to filter out the packets/ask for the policy - in our implementation, via Cynara. Only beginnings of each network connection are being checked. Wiki page with documentation is very poor, its under construction (https://wiki.tizen.org/wiki/Security:Nether); we're on our way to add this (hopefully) to daily images. - on the container topic, a small update: we're still waiting for upstream Smack namespaces patches to be finally accepted; there seems to be consensus about their future (Casey Schaufler added them to the "future" roadmap of Smack development on Linux Security Summit), but those are sill not merged. - I like the title "Do not under estimate security cost" on one of the paragraphs ;-) - about Smack access modes: recently there is also a "bringup mode": https://lwn.net/Articles/608430/ That is all I got at 1st glance - BTW, a nice summary of the work done on Tizen. Best Regards, Tomasz Świerczek Samsung R&D Institute Poland Samsung Electronics Office +48 22 377 95 59 Cell +48 503 135 021 [email protected] -----Original Message----- From: Dev [mailto:[email protected]] On Behalf Of José Bollo Sent: Monday, September 28, 2015 10:16 AM To: [email protected] Subject: [Dev] Our lessons learnt about tizen's security Hi all, in the context of AGL we wrote a document named: Tizen security, lessons learnt. We are glad to share it with the list: http://iot.bzh/download/public/tizen-security-lessons-learnt-initial.pdf Any feedback is very welcome, here on the list or in private. Best regards José Bollo _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
