Execmod and SE Linux – i386 Must DieExecmod and SE Linux – i386 Must Die
I have previously written about the execmod permission check in SE Linux [1] and in a post about SE Linux on the desktop I linked to some bug reports about[...]
Category: Security
SE Linux in Lenny status – Achieved Level 1SE Linux in Lenny status – Achieved Level 1
I previously described the goals for SE Linux development in Lenny and assigned numbers to the levels of support [1]. I have just uploaded a new policy to unstable which[...]
Random Opinions, Expert Opinions, and Facts about AppArmorRandom Opinions, Expert Opinions, and Facts about AppArmor
My previous post titled AppArmor is Dead [1] has inspired a number of reactions. Some of them have been unsubstantiated opinions, well everyone has an opinion so this doesn’t mean[...]
Google Chrome – the Security ImplicationsGoogle Chrome – the Security Implications
Google have announced a new web browser – Chrome [1]. It is not available for download yet, currently there is only a comic book explaining how it will work [2].[...]
Is SE Linux Unixish?Is SE Linux Unixish?
In a comment on my AppArmor is dead post [1] someone complained that SE Linux is not “Unixish“. The security model in Unix is almost exclusively Discretionary Access Control (DAC)[...]
Play Machine DowntimePlay Machine Downtime
From the 13th to the 14th of August my Play Machine [1] was offline. There was a power failure for a few seconds and the machine didn’t boot correctly. As[...]
AppArmor is DeadAppArmor is Dead
For some time there have been two mainstream Mandatory Access Control (MAC) [1] systems for Linux. SE Linux [2] and AppArmor [3]. In late 2007 Novell laid off almost all[...]
DNS Secondaries and Web SecurityDNS Secondaries and Web Security
At the moment there are ongoing security issues related to web based services and DNS hijacking. the Daily Ack has a good summary of the session hijacking issue [1]. For[...]
Ownership of the Local SE Linux PolicyOwnership of the Local SE Linux Policy
A large part of the disagreement about the way to manage the policy seems to be based on who will be the primary “owner” of the policy on the machine.[...]
SE Linux Policy Packaging for a DistributionSE Linux Policy Packaging for a Distribution
Caleb Case (Ubuntu contributer and Tresys employee) has written about the benefits of using separate packages for SE Linux policy modules [1]. Firstly I think it’s useful to consider some[...]