SE Linux Status in Debian 2012-01SE Linux Status in Debian 2012-01
Since my last SE Linux in Debian status report [1] there have been some significant changes. Policy Last year I reported that the policy wasn’t very usable, on the 18th[...]
Tag: Selinux
My Blog Server was CrackedMy Blog Server was Cracked
On the 1st of August I noticed that the server which runs my blog among other things was having an occasional SEGV from a sshd process. Unfortunately I was busy[...]
Secure Boot and Protecting Against RootSecure Boot and Protecting Against Root
There has been a lot of discussion recently about the recent Microsoft ideas regarding secure boot, in case you have missed it Michael Casadevall has written a good summary of[...]
SE Linux Status in Debian 2011-10SE Linux Status in Debian 2011-10
Debian/Unstable Development deb http://www.coker.com.au wheezy selinux The above APT sources.list line has my repository for SE Linux packages that have been uploaded to Unstable and which will eventually go to[...]
Capabilities vs SE LinuxCapabilities vs SE Linux
In December 2010 a paper was published by Robert N.M. Watson and Jonathan Anderson from the Cambridge University and Ben Laurie and Kris Kennaway of Google about the Capsicum capabilities[...]
SE Linux File Context PrecedenceSE Linux File Context Precedence
In my previous post I expressed a desire to use regular expressions for files that may appear in multiple places in the tree due to bind mounts for /run and[...]
/run and SE Linux Policy/run and SE Linux Policy
Currently Debian/Unstable is going through a transition to using /run instead of /var/run. Naturally any significant change to the filesystem layout requires matching changes to SE Linux policy. We currently[...]
Multiple Filesystems for SecurityMultiple Filesystems for Security
There is always been an ongoing debate about how to assign disk space into multiple partitions. I think that nowadays the best thing to do is to assign about 10G[...]
What is Valid SE Linux Policy?What is Valid SE Linux Policy?
Guido Trentalancia started an interesting discussion on the SE Linux policy development list about how to manage the evolution of the policy [1]. The Problem The SE Linux policy is[...]
Mplayer, Squeeze, and SE Linux on i386Mplayer, Squeeze, and SE Linux on i386
I’ve just updated my SE Linux repository for Squeeze to better support running mplayer on the i386 architecture, below is the APT sources.list line: deb http://www.coker.com.au squeeze selinux The first[...]