BTRFS and SE LinuxBTRFS and SE Linux
I’ve had problems with systems running SE Linux on BTRFS losing the XATTRs used for storing the SE Linux file labels after a power outage. Here is the link to[...]
Category: Security
Compromised Guest AccountCompromised Guest Account
Some of the workstations I run are sometimes used by multiple people. Having multiple people share an account is bad for security so having a guest account for guest access[...]
Running a Tor RelayRunning a Tor Relay
I previously wrote about running my SE Linux Play Machine over Tor [1] which involved configuring ssh to use Tor. Since then I have installed a Tor hidden service for[...]
SE Linux in Debian/StretchSE Linux in Debian/Stretch
Debian/Stretch has been frozen. Before the freeze I got almost all the bugs in policy fixed, both bugs reported in the Debian BTS and bugs that I know about. This[...]
Hostile Web SitesHostile Web Sites
I was asked whether it would be safe to open a link in a spam message with wget. So here are some thoughts about wget security and web browser security[...]
UnikernelsUnikernels
At LCA I attended a talk about Unikernels. Here are the reasons why I think that they are a bad idea: Single Address Space According to the Unikernel Wikipedia page[...]
Compatibility and a Linux Community ServerCompatibility and a Linux Community Server
Compatibility/interoperability is a good thing. It’s generally good for systems on the Internet to be capable of communicating with as many systems as possible. Unfortunately it’s not always possible as[...]
Using LetsEncryptUsing LetsEncrypt
Lets Encrypt is a new service to provide free SSL keys [1]. I’ve just set it up on a few servers that I run. Issues The first thing to note[...]
Running a Shell in a Daemon DomainRunning a Shell in a Daemon Domain
allow unconfined_t logrotate_t:process transition; allow logrotate_t { shell_exec_t bin_t }:file entrypoint; allow logrotate_t unconfined_t:fd use; allow logrotate_t unconfined_t:process sigchld; I recently had a problem with SE Linux policy related to[...]
SE Linux Play Machine Over TorSE Linux Play Machine Over Tor
I work on SE Linux to improve security for all computer users. I think that my work has gone reasonably well in that regard in terms of directly improving security[...]