GNU/Linux Security : SELinux or Systemd for Cloud Server?

As far GNU/Linux Security is concerned, both SELinux and Systemd has issues. However, we are not going in to the philosophical or mass spyware issues in this small guide. Basic Question Often Arises in a User’s Mind – For the Sake of GNU/Linux Security, Whether SELinux or Systemd is better for a Cloud Server? SELinux monitors the processes, systemd is an init system.

GNU/Linux Security : Systemd is Getting Over SELinux on the Development Part

The recent convention in Berlin (9 and 10 May 2016), CoreOS was particularly rich in action and followed by several specialized portals. In the news there are statements from Greg Kroah-Hartman on the Linux kernel development process and the security of the operating system.

The important issue was also touched by Lennart Poettering (of Red Hat), one of the reference project developers systemd init (process during system startup is called by the kernel to initialize the user space), that in a detailed technical keynote explained what are the basic parameters on which systemd act on the safety of a Linux server.

Among the main features of systemd, the programmer stressed the ability to run in a sandbox so the OS services as other elements such as containers; the systemd-nspawn and privateNetwork options can help the sysadmin to ensure the safety respectively in the user namespace and to run a private service in a network.

GNU/Linux Security : SELinux or Systemd for Cloud Server?

To attract the attention of those who were present in Berlin any case the observations of loopholes of SELinux (Security Enhanced Linux), a well-known form of the Linux kernel related to the monitoring of processes and the system security policy, one officially remarked – “SELinux is definitely an incredible technology, although I do not understand!”.

Although some options offered by SELinux make all the unwanted effects present in some setting of systemd, it is however present as the default option on any Linux distribution while SELinux is a distro specific default option – in Red Hat Enterprise, Fedora and CentOS SELinux is a core security element.

The systemd settings are simple Boolean expressions understood by most of the peoples; for that reason many opine that systemd as a whole is much more useful that SELinux policy. Probably there are less than 100 peoples on this world who are able to understand the SELinux policy. But there are more than few thousand peoples who can understand the system as developer. However, none of them is as doubt free like vi or wget.

The init system used by most GNU/Linux distro till recently was System V init (SysV init), which derived the name form UNIX System V (System Five). It was the first commercially available UNIX system since the ancient time. System V had a specific way to run the init processes. There were other attempts as an alternative init system like Ubuntu used upstart, systemd is another such attempt. Canonical had dislike towards systemd. Systemd, unfortunately is like Microsoft Windows System and not POSIX compliant.