A recent development in SE Linux policy is the concept of UBAC (User Based Access Control) which prevents SE Linux users (identitied) from accessing each other’s files.
SE Linux user identities may map 1:1 to Unix users (as was required in the early versions of SE Linux), you might have unique identities for special users […]
I’m running Debian/Unstable on an EeePC 701, I’ve got an SD card for /home etc but the root filesystem is on the internal 4G flash storage which doesn’t have much spare space (I’ve got a full software development environment, GCC, debuggers, etc as well as running KDE4). On some of my systems I’ve started the […]
I have just filed Debian bug report #556644 against the version of openssh-server in Debian/Unstable (Squeeze). It has a patch that moves the code to set the SE Linux context for the child process before calling chroot. Without this a chroot environment on a SE Linux system can only work correctly if /proc and /selinux […]
I have previously written about an error that valgrind reported in the STL when some string operations were performed by the DKIM library . This turned out to be a bug, Jonathan Wakely filed GCC bug report #40518  about it, Jonathan is one of many very skillful people who commented on that post.
I previously described four levels of SE Linux support on the desktop .
Last night I updated my APT repository of SE Linux packages for Lenny (as described on my document about installing SE Linux ). I included a new policy package that supports logging in to a graphical session via gdm in either unconfined_t […]
As Debian/Lenny has been released and the temperatures in my part of the world are no longer insanely hot I have put my SE Linux Play Machine  online again. It is running Debian/Lenny and is a Xen DomU on a Debian/Lenny Dom0.
To get this working I had to make a few more fixes […]
Debian GNU/Linux 5.0 AKA “Lenny” has just been released .
One of the features that is particularly noteworthy is that Xen has been updated and now works fully and correctly on the 2.6.26 kernel (see the Debian Wiki page about Xen for details ). This may not sound exciting, but I know that a lot […]
This morning I gave a talk at the Security mini-conf of LCA about the status of SE Linux in Debian. Here is a summary of the issues I covered:
In Lenny (the new release of Debian that will come out in a month or two) SE Linux is working well. Considerably better than […]
I have just had a need to install packages from Debian-Multimedia.org to correctly play .3gp files from my mobile phone (the stock Mplayer in Debian would not play the sound).
As part of getting this to work in a way that I like I rebuilt some packages so that shared objects would not demand an […]
Mike writes about his work in using namespaces on Linux . In 2006 I presented a paper titled “Polyinstantiation of directories in an SE Linux system” about this at the SAGE-AU conference .
Newer versions of the code in question has been included in Debian/Lenny. So if you want to use namespaces for a login […]