When I first started running a SE Linux Play Machine  I used passwords such as “123456“. Then for a while I had “selinux” but when I created a T-shirt design (see the main Play Machine page for details) I changed the password to “SELINUX” because that is easier to read on a shirt.
I previously described four levels of SE Linux support on the desktop .
Last night I updated my APT repository of SE Linux packages for Lenny (as described on my document about installing SE Linux ). I included a new policy package that supports logging in to a graphical session via gdm in either unconfined_t [...]
As Debian/Lenny has been released and the temperatures in my part of the world are no longer insanely hot I have put my SE Linux Play Machine  online again. It is running Debian/Lenny and is a Xen DomU on a Debian/Lenny Dom0.
To get this working I had to make a few more fixes [...]
The Bureau of Meteorology has forecast temperatures of 43, 43, and 35 for today and the next two days. Those temperatures are in celcius. Yesterday was also above 40C so my entire house is hot.
As my airconditioner is not overly large (a smaller unit is more efficient) the back part of my house will [...]
On Tuesday afternoon I gave a talk on behalf of KaiGai Kohei about SE Linux and the LAPP (Linux Apache, PostgreSQL, PHP/Perl) stack. KaiGai has blogged about this , unfortunately Google Translation does a poor job of Japanese and has particular problems with KaiGai’s work (could anyone who knows Japanese and English well please submit [...]
This morning I gave a talk at the Security mini-conf of LCA about the status of SE Linux in Debian. Here is a summary of the issues I covered:
In Lenny (the new release of Debian that will come out in a month or two) SE Linux is working well. Considerably better than [...]
Today was the first day of Linux Conf Au 2009 . KaiGai Kohei was unable to attend the conference and give a database mini-conf presentation about his work on Security Enhanced PostgreSQL , so I gave the presentation in his place. It was a fairly difficult presentation and required that I learn a lot about [...]
I have just had a need to install packages from Debian-Multimedia.org to correctly play .3gp files from my mobile phone (the stock Mplayer in Debian would not play the sound).
As part of getting this to work in a way that I like I rebuilt some packages so that shared objects would not demand an [...]
There is currently a discussion on the Debian-security mailing list about how to protect data which came from an encrypted file. I was going to skip that one until someone summoned me by mentioning SE Linux.
The issue which was raised is that data from an encrypted file can be read from /dev/mem (for all [...]
One ongoing problem with TCP networking is the combination of RPC services and port based services on the same host. If you have an RPC service that uses a port less than 1024 then typically it will start at 1023 and try lower ports until it finds one that works. A problem that I have [...]