Status of SE Linux in Debian LCA 2009Status of SE Linux in Debian LCA 2009
This morning I gave a talk at the Security mini-conf of LCA about the status of SE Linux in Debian. Here is a summary of the issues I covered: General[...]
Tag: Selinux
Security Enhanced PostgreSQLSecurity Enhanced PostgreSQL
Today was the first day of Linux Conf Au 2009 [1]. KaiGai Kohei was unable to attend the conference and give a database mini-conf presentation about his work on Security[...]
Debian Multimedia and SE LinuxDebian Multimedia and SE Linux
I have just had a need to install packages from Debian-Multimedia.org to correctly play .3gp files from my mobile phone (the stock Mplayer in Debian would not play the sound).[...]
SE Linux and Decrypted DataSE Linux and Decrypted Data
There is currently a discussion on the Debian-security mailing list about how to protect data which came from an encrypted file. I was going to skip that one until someone[...]
RPC and SE LinuxRPC and SE Linux
One ongoing problem with TCP networking is the combination of RPC services and port based services on the same host. If you have an RPC service that uses a port[...]
An Update on DKIM Signing and SE Linux PolicyAn Update on DKIM Signing and SE Linux Policy
In my previous post about DKIM [1] I forgot to mention one critical item, how to get Postfix to actually talk to the DKIM milter. This wasn’t a bad thing[...]
Play Machine UpdatePlay Machine Update
My Play Machine [1] was offline for most of the past 48 hours (it’s up again now). I have upgraded the hardware for the Dom0 used to run it so[...]
Execmod and SE Linux – i386 Must DieExecmod and SE Linux – i386 Must Die
I have previously written about the execmod permission check in SE Linux [1] and in a post about SE Linux on the desktop I linked to some bug reports about[...]
SE Linux in Lenny status – Achieved Level 1SE Linux in Lenny status – Achieved Level 1
I previously described the goals for SE Linux development in Lenny and assigned numbers to the levels of support [1]. I have just uploaded a new policy to unstable which[...]
Is SE Linux Unixish?Is SE Linux Unixish?
In a comment on my AppArmor is dead post [1] someone complained that SE Linux is not “Unixish“. The security model in Unix is almost exclusively Discretionary Access Control (DAC)[...]