Debian and Google Summer (Winter) Of CodeDebian and Google Summer (Winter) Of Code
Debian is participating in the Google Summer Of Code (or Winter if you are in the southern hemisphere). It would be good if we could get a SE Linux related[...]
Tag: Selinux
SE Linux on /.SE Linux on /.
The book SE Linux by Example has been reviewed on Slashdot. The issue of Perl scripts was raised for discussion. It is of course true that a domain which is[...]
creating a new SE Linux policy modulecreating a new SE Linux policy module
Creating a simple SE Linux policy module is not difficult. audit(1173571340.836:12855): avc: denied { execute } for pid=5678 comm=”spf-policy.pl” name=”hostname” dev=hda ino=1234 scontext=root:system_r:postfix_master_t:s0 tcontext=system_u:object_r:hostname_exec_t:s0 tclass=file For example I had a[...]
execmodexecmod
Ulrich Drepper has written a good web page about text relocation which is most often noticed as execmod failures reported when running SE Linux. When an AVC message reports a[...]
core filescore files
The issue of core file management has come up for discussion again in the SE Linux list. I believe that there are two essential security requirements for managing core files,[...]
more about vista securitymore about vista security
While reading the discussion of Vista security on Bruce Schneier’s blog it occurred to me that comparing the issues of DRM that face MS with the issues faced by SE[...]
installing Debian Etchinstalling Debian Etch
A few days ago I installed Debian/Etch on my Thinkpad. One of the reasons for converting from Fedora to Debian is that I need to run Xen and Fedora doesn’t[...]
Debian SE Linux policy bugDebian SE Linux policy bug
checkmodule -m -o local.mod local.te semodule_package -o local.pp -m local.mod semodule -u local.pp Save the following policy as local.te and then run the above commands to make semodule work correctly[...]
SE Linux on Debian in 5 minutesSE Linux on Debian in 5 minutes
Following from my 5 minute OSDC talk yesterday on 5 security improvements needed in Linux distributions I gave a 5 minute talk on installing SE Linux on Debian etch. To[...]
The benefits of SE LinuxThe benefits of SE Linux
Today I discovered a bug in one of my programs, it called system() and didn’t correctly escape shell eta-characters. Fortunately I had written custom SE Linux policy for it which[...]