What is Valid SE Linux Policy?What is Valid SE Linux Policy?
Guido Trentalancia started an interesting discussion on the SE Linux policy development list about how to manage the evolution of the policy [1]. The Problem The SE Linux policy is[...]
Category: Security
Mplayer, Squeeze, and SE Linux on i386Mplayer, Squeeze, and SE Linux on i386
I’ve just updated my SE Linux repository for Squeeze to better support running mplayer on the i386 architecture, below is the APT sources.list line: deb http://www.coker.com.au squeeze selinux The first[...]
Continuously Usable Testing of SE LinuxContinuously Usable Testing of SE Linux
Joey has proposed a new concept of “Continuously Usable Testing” for Debian [1], basically testing should be usable at all times and packages that aren’t usable should be dropped. But[...]
Ruxcon 2010Ruxcon 2010
Yesterday and today I attended Ruxcon – the leading technical security conference in Australia [1]. The first lecture I attended was “Breaking Linux Security Protections” by Andrew Griffiths. This included[...]
Play Machine Online AgainPlay Machine Online Again
My SE Linux Play Machine is online again. It’s been online for the last month and much of the month before due to Xen issues. Nothing really tricky to solve,[...]
My Squeeze SE Linux RepositoryMy Squeeze SE Linux Repository
deb http://www.coker.com.au squeeze selinux I have an Apt repository for Squeeze SE Linux packages at the above URL. Currently it contains a modified version of ffmpeg that doesn’t need execmod[...]
Creating a SE Linux Chroot environmentCreating a SE Linux Chroot environment
Why use a Chroot environment? A large part of the use of chroot environments is for the purpose of security, it used to be the only way of isolating a[...]
SE Linux status in Debian/SqueezeSE Linux status in Debian/Squeeze
ffmpeg I’ve updated my SE Linux repository for Squeeze to include a modified version of the ffmpeg packages without MMX support for the i386 architecture. When MMX support is enabled[...]
SE Linux audit2allow -R and Milter policySE Linux audit2allow -R and Milter policy
Since the earliest days there has been a command named audit2allow that takes audit messages of operations that SE Linux denied and produces policy that will permit those operations. A[...]
Tracking down Write/Execute mmap() calls with LD_PRELOADTracking down Write/Execute mmap() calls with LD_PRELOAD
One of the access controls in SE Linux is for execmem – which is used to stop processes from creating memory regions that are writable and executable (as they make[...]