deb http://www.coker.com.au wheezy selinux
The above APT sources.list line has my repository for SE Linux packages that have been uploaded to Unstable and which will eventually go to testing and then the Wheezy release (if they aren’t obsoleted first). I have created that repository for people who want to track SE Linux development […]
In December 2010 a paper was published by Robert N.M. Watson and Jonathan Anderson from the Cambridge University and Ben Laurie and Kris Kennaway of Google about the Capsicum capabilities system . It seems that the aim of the project is to allow systems that need privileges briefly when they start (such as tcpdump) a […]
In my previous post I expressed a desire to use regular expressions for files that may appear in multiple places in the tree due to bind mounts for /run and /var/run etc . However there is a problem with this idea.
The SE Linux file labeling program restorecon reads the file /etc/selinux/$SELINUXTYPE/contexts/files/file_contexts which contains a […]
Currently Debian/Unstable is going through a transition to using /run instead of /var/run. Naturally any significant change to the filesystem layout requires matching changes to SE Linux policy. We currently have Debian bug #626720 open about this. Currently the initscripts package breaks selinux-policy-default in Debian/Unstable so that you can’t have initscripts using /run if the […]
There is always been an ongoing debate about how to assign disk space into multiple partitions. I think that nowadays the best thing to do is to assign about 10G for the root filesystem for every desktop and server system because 10G is a small fraction of the disk space available (even the smallest laptops […]
Guido Trentalancia started an interesting discussion on the SE Linux policy development list about how to manage the evolution of the policy .
The SE Linux policy is the set of rules that determine what access is granted. It assigns types to files and domains to processes and has a set of rules […]
I’ve just updated my SE Linux repository for Squeeze to better support running mplayer on the i386 architecture, below is the APT sources.list line:
deb http://www.coker.com.au squeeze selinux
The first issue is a bug in the compilation of the SDL libraries which makes them request an executable stack (bug #613535). Recompiling the libraries on my […]
Joey has proposed a new concept of “Continuously Usable Testing” for Debian , basically testing should be usable at all times and packages that aren’t usable should be dropped. But to properly achieve this goal we need continual testing of usability.
The Plan For SE Linux
To do this for SE Linux I’m setting up […]
My SE Linux Play Machine has been down for a couple of weeks. I’ve changed to a cheaper Internet access plan which also allows me to download a lot more data, but I don’t have a static IP address any more – and my ISP seems to change the IP a lot more […]
My SE Linux Play Machine is online again. It’s been online for the last month and much of the month before due to Xen issues. Nothing really tricky to solve, but I was busy with other things. Sorry for any inconvenience.
Play Machine Online Again with Xen 4.0 My SE Linux Play Machine  has been offline for…
Lenny Play Machine Online As Debian/Lenny has been released and the temperatures in my…
Play Machine Online Again I have returned from the US and my SE Linux…
New SE Linux Play Machine Online After over a year I have finally got a SE…
New Play Machine Update: Thanks to Sven Joachim and Andrew Pollock for informing…