Thank you Tomasz for your kind and quick answer. I'll introduce your remarks in a later version of the document.
Best regards José Le lundi 28 septembre 2015 à 10:38 +0200, Tomasz Swierczek a écrit : > Hi Jose, > > > Long time no see ;-) > > > Few updates and info that may be useful: > > - updated security wiki, with some more Tizen 3.0 information (Tizen 3.X > section): https://wiki.tizen.org/wiki/Security > https://wiki.tizen.org/wiki/Security/Tizen_3.X_Overview > > - document states: "Despite that such feature exists, Tizen/v3 doesn't > implement netfiltering." Even though its not currently integrated with the > platform, we've actually just finished implementing that (kernel & netfilter > upstream patches to get full security context of packets and a "nether" > module in userspace to filter out the packets/ask for the policy - in our > implementation, via Cynara. Only beginnings of each network connection are > being checked. Wiki page with documentation is very poor, its under > construction (https://wiki.tizen.org/wiki/Security:Nether); we're on our way > to add this (hopefully) to daily images. > > - on the container topic, a small update: we're still waiting for upstream > Smack namespaces patches to be finally accepted; there seems to be consensus > about their future (Casey Schaufler added them to the "future" roadmap of > Smack development on Linux Security Summit), but those are sill not merged. > > - I like the title "Do not under estimate security cost" on one of the > paragraphs ;-) > > - about Smack access modes: recently there is also a "bringup mode": > https://lwn.net/Articles/608430/ > > That is all I got at 1st glance - BTW, a nice summary of the work done on > Tizen. > > > Best Regards, > > > > Tomasz Świerczek > Samsung R&D Institute Poland > Samsung Electronics > Office +48 22 377 95 59 > Cell +48 503 135 021 > [email protected] > > > -----Original Message----- > From: Dev [mailto:[email protected]] On Behalf Of José Bollo > Sent: Monday, September 28, 2015 10:16 AM > To: [email protected] > Subject: [Dev] Our lessons learnt about tizen's security > > Hi all, > > in the context of AGL we wrote a document named: Tizen security, lessons > learnt. We are glad to share it with the list: > > http://iot.bzh/download/public/tizen-security-lessons-learnt-initial.pdf > > Any feedback is very welcome, here on the list or in private. > > Best regards > José Bollo > > > _______________________________________________ > Dev mailing list > [email protected] > https://lists.tizen.org/listinfo/dev > _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
