Writing SELinux policy can be challenging for many users, leading some to either disable SELinux entirely, or use policies that do not adequately support their security goals. While SELinux is a helpful tool for creating customizable security policies, its value as a security mechanism is only as strong as the policy that it enforces.

This talk demonstrates a new tool, called SELint, which can assist in writing scalable and maintainable policies by alerting about common policy issues. The use of this tool can help speed up SELinux policy development and result in more secure policies.

The talk discuss motivation, examples of problems found by the tool, maintenance and security benefits, and the broader question of what steps the security community can take to help users use available security mechanisms correctly.