presentations about SE Linuxpresentations about SE Linux
I have just read the Presentation Zen blog post about PowerPoint. One of the interesting suggestions was that it’s not effective to present the same information twice, so you don’t[...]
Category: Security
Xen and SE Linux – EWeek review of RHEL5Xen and SE Linux – EWeek review of RHEL5
The online magazine EWeek has done a review of RHEL5. It’s quite a positive review which can be summarised as “good support for Xen as service (not an appliance), better[...]
SE Linux – not too difficult for new usersSE Linux – not too difficult for new users
At http://tanso.net/selinux/ Jan-Frode Myklebust has documented his work in creating new SE Linux policy to run Googleearth on Red Hat Enterprise Linux 5. He discussed this with us on #selinux[...]
The Inevitability of FailureThe Inevitability of Failure
The below document was reproduced from the NSA web site with permission. I have moved three footnotes to comments within the document (footnotes don’t work well in HTML) and also[...]
Trusted Solaris vs SE LinuxTrusted Solaris vs SE Linux
Karl MacMillan writes an interesting review of a Sun article about SE Linux. Not only does he correct errors in the Sun article but he also summarises some of the[...]
questions regarding SE Linuxquestions regarding SE Linux
I just received a question about SE Linux via email. As I don’t want to post private messages containing material that’s globally useful I’ll answer through my blog: > other[...]
Debian and Google Summer (Winter) Of CodeDebian and Google Summer (Winter) Of Code
Debian is participating in the Google Summer Of Code (or Winter if you are in the southern hemisphere). It would be good if we could get a SE Linux related[...]
SE Linux on /.SE Linux on /.
The book SE Linux by Example has been reviewed on Slashdot. The issue of Perl scripts was raised for discussion. It is of course true that a domain which is[...]
creating a new SE Linux policy modulecreating a new SE Linux policy module
Creating a simple SE Linux policy module is not difficult. audit(1173571340.836:12855): avc: denied { execute } for pid=5678 comm=”spf-policy.pl” name=”hostname” dev=hda ino=1234 scontext=root:system_r:postfix_master_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file For example I had a[...]
execmodexecmod
Ulrich Drepper has written a good web page about text relocation which is most often noticed as execmod failures reported when running SE Linux. When an AVC message reports a[...]