Enabling SELinux in an application #selinux


I am with The Middleby Corporation.  We manufacture a wide variety of commercial ovens, ice machines, coffee brewers, microwaves, soft-serve machines and virtually anything you’d find in a commercial restaurant kitchen.  Much of our equipment has a touch-screen display on it – often 4.3” to 10.1” in size.  This is part of an embedded control system that includes a separate I/O board to talk to motors, heating elements, etc.  The touch-screen control are most often running Yocto Linux with a QT or similar application running on top of Linux.  Recently, we have been asked to explore enabling SELinux security provisions in our applications.  In speaking with several of our vendors, they all indicated they don’t generally need to enable SELinux and have never done so in the past.  

I now know what SELinux is, but I can’t get a good answer if it even is needed to be enabled on a touch-screen application on equipment that a 16 year old kid generally operates.  We often do have USB ports on our equipment for software updates and some is connected to the internet as well, but I still don’t see how the security access provisions in SELinux are needed for our application. 

Lastly, I'm not a programmer. I manage the business end of all of Middleby's electronic controls, so the aim of this message is to ask for general guidance regarding the need for SELinux or not.  

Join yocto@lists.yoctoproject.org to automatically receive all group messages.