Running a Tor RelayRunning a Tor Relay
I previously wrote about running my SE Linux Play Machine over Tor [1] which involved configuring ssh to use Tor. Since then I have installed a Tor hidden service for[...]
Category: Security
SE Linux in Debian/StretchSE Linux in Debian/Stretch
Debian/Stretch has been frozen. Before the freeze I got almost all the bugs in policy fixed, both bugs reported in the Debian BTS and bugs that I know about. This[...]
Hostile Web SitesHostile Web Sites
I was asked whether it would be safe to open a link in a spam message with wget. So here are some thoughts about wget security and web browser security[...]
UnikernelsUnikernels
At LCA I attended a talk about Unikernels. Here are the reasons why I think that they are a bad idea: Single Address Space According to the Unikernel Wikipedia page[...]
Compatibility and a Linux Community ServerCompatibility and a Linux Community Server
Compatibility/interoperability is a good thing. It’s generally good for systems on the Internet to be capable of communicating with as many systems as possible. Unfortunately it’s not always possible as[...]
Using LetsEncryptUsing LetsEncrypt
Lets Encrypt is a new service to provide free SSL keys [1]. I’ve just set it up on a few servers that I run. Issues The first thing to note[...]
Running a Shell in a Daemon DomainRunning a Shell in a Daemon Domain
allow unconfined_t logrotate_t:process transition; allow logrotate_t { shell_exec_t bin_t }:file entrypoint; allow logrotate_t unconfined_t:fd use; allow logrotate_t unconfined_t:process sigchld; I recently had a problem with SE Linux policy related to[...]
SE Linux Play Machine Over TorSE Linux Play Machine Over Tor
I work on SE Linux to improve security for all computer users. I think that my work has gone reasonably well in that regard in terms of directly improving security[...]
DNSSECDNSSEC
reason=”verification failed; insecure key” I’ve recently noticed OpenDKIM on systems I run giving the above message when trying to verify a DKIM message from my own domain. According to Google[...]
Fixing Strange Directory Write AccessFixing Strange Directory Write Access
type=AVC msg=audit(1403622580.061:96): avc: denied { write } for pid=1331 comm="mysqld_safe" name="/" dev="dm-0" ino=256 scontext=system_u:system_r:mysqld_safe_t:s0 tcontext=system_u:object_r:root_t:s0 tclass=dir type=SYSCALL msg=audit(1403622580.061:96): arch=c000003e syscall=269 success=yes exit=0 a0=ffffffffffffff9c a1=7f5e09bfe798 a2=2 a3=2 items=0 ppid=1109 pid=1331 auid=4294967295[...]