Joey has proposed a new concept of “Continuously Usable Testing” for Debian , basically testing should be usable at all times and packages that aren’t usable should be dropped. But to properly achieve this goal we need continual testing of usability.
The Plan For SE Linux
To do this for SE Linux I’m setting up [...]
deb http://www.coker.com.au squeeze selinux
I have an Apt repository for Squeeze SE Linux packages at the above URL. Currently it contains a modified version of ffmpeg that doesn’t need execmod access on i386 and fixes the labeling of /dev/xen on systems that use devtmpfs as reported in bug #597403. I will keep updating this repository [...]
A recent development in SE Linux policy is the concept of UBAC (User Based Access Control) which prevents SE Linux users (identitied) from accessing each other’s files.
SE Linux user identities may map 1:1 to Unix users (as was required in the early versions of SE Linux), you might have unique identities for special users [...]
I’m running Debian/Unstable on an EeePC 701, I’ve got an SD card for /home etc but the root filesystem is on the internal 4G flash storage which doesn’t have much spare space (I’ve got a full software development environment, GCC, debuggers, etc as well as running KDE4). On some of my systems I’ve started the [...]
I have just filed Debian bug report #556644 against the version of openssh-server in Debian/Unstable (Squeeze). It has a patch that moves the code to set the SE Linux context for the child process before calling chroot. Without this a chroot environment on a SE Linux system can only work correctly if /proc and /selinux [...]
I have previously written about an error that valgrind reported in the STL when some string operations were performed by the DKIM library . This turned out to be a bug, Jonathan Wakely filed GCC bug report #40518  about it, Jonathan is one of many very skillful people who commented on that post.
I previously described four levels of SE Linux support on the desktop .
Last night I updated my APT repository of SE Linux packages for Lenny (as described on my document about installing SE Linux ). I included a new policy package that supports logging in to a graphical session via gdm in either unconfined_t [...]
As Debian/Lenny has been released and the temperatures in my part of the world are no longer insanely hot I have put my SE Linux Play Machine  online again. It is running Debian/Lenny and is a Xen DomU on a Debian/Lenny Dom0.
To get this working I had to make a few more fixes [...]
Debian GNU/Linux 5.0 AKA “Lenny” has just been released .
One of the features that is particularly noteworthy is that Xen has been updated and now works fully and correctly on the 2.6.26 kernel (see the Debian Wiki page about Xen for details ). This may not sound exciting, but I know that a lot [...]
This morning I gave a talk at the Security mini-conf of LCA about the status of SE Linux in Debian. Here is a summary of the issues I covered:
In Lenny (the new release of Debian that will come out in a month or two) SE Linux is working well. Considerably better than [...]