SELinux-Based Mandatory Access Control in Cockpit Systems

Explore SELinux-based Mandatory Access Control (MAC) implementation in Cockpit through this 41-minute Linux Foundation conference talk. Delve into the reference architecture for container-based eCockpit, primary goals, and high-level requirements. Examine evaluated approaches, policy and container considerations, and device node creation and labeling. Learn about possible solutions for vehicle data access, file execution policy, and Sys V IPC policy. Understand the challenges, ongoing work, and generic SELinux policy guidelines. Gain valuable insights into enhancing security in automotive software systems using SELinux-based MAC in Cockpit.

Intro
Reference Architecture For Container Based eCockpit
Primary Goal
High Level Requirements
Evaluated Approaches
Policy And Containers
Device Node Creation And Labeling
Possible Solutions
Vehicle Data Access
File Execution Policy
Sys V IPC Policy
Challenges Component
Work In Progress
Generic SELinux Policy Guidelines
Conclusion