Re: Enabling SELinux in an application #selinux

Rudolf J Streif


There is no simple answer to your question. Most generally speaking, any type of security, not just for computers and embedded systems, is a tradeoff between risk and cost.

The fact that your appliances have USB ports and are potentially connected to the Internet makes them vulnerable to attacks. They can potentially be used to gain access to your appliances, put malicious software on them, potentially damage them, be used as bots for cyber attacks, etc. An expert in embedded security can assess the risk by examining your appliances, software etc. You only can assess the risk for your business and the business of your customers. What will it mean for a customer and your business if multiple appliances are hacked and not functioning anymore and the customer cannot deliver their product and services possibly for days until you are able to reinstall the software? What does that mean for your business if that happens at many of your customers' locations at the same time?

It does not need to be professional hackers that are out for financial gain doing that. Your proverbial 16 year old kid operating the equipment could be an aspiring embedded systems engineer who is curious about what's behind the scenes of the appliances.

It's never a bad idea to think about security for your embedded systems. Having done a whole lot of embedded systems in automotive and explicitly for securing content and devices for digital television, I can only advise you to take it seriously. It's better to be proactive than reactive. Bad embedded systems security practices are all around. Just because your vendors have not done it does not really mean anything.

SELinux is only one consideration. There are other things that go into hardening an embedded system.

Best regards,

On 4/21/20 11:50 AM, Cguerin@... wrote:

I am with The Middleby Corporation. We manufacture a wide variety of commercial ovens, ice machines, coffee brewers, microwaves, soft-serve machines and virtually anything you’d find in a commercial restaurant kitchen. Much of our equipment has a touch-screen display on it – often 4.3” to 10.1” in size. This is part of an embedded control system that includes a separate I/O board to talk to motors, heating elements, etc. The touch-screen controls are most often running Yocto Linux with a Qt or similar application running on top of Linux. Recently, we have been asked to explore enabling SELinux security provisions in our applications. In speaking with several of our vendors, they all indicated they don’t generally need to enable SELinux and have never done so in the past.

I now know what SELinux is, but I can’t get a good answer if it even is needed to be enabled on a touch-screen application on equipment that a 16 year old kid generally operates.  We often do have USB ports on our equipment for software updates and some is connected to the internet as well, but I still don’t see how the security access provisions in SELinux are needed for our application. 

Lastly, I'm not a programmer. I manage the business end of all of Middleby's electronic controls, so the aim of this message is to ask for general guidance regarding the need for SELinux or not.  

Rudolf J Streif
CEO/CTO ibeeto
+1.855.442.3386 x700
