SE Linux Support in GPGSE Linux Support in GPG
In May 2002 I had an idea for securing access to GNUPG [1]. What I did was to write SE Linux policy to only permit the gpg program to access[...]
Tag: Selinux
Trust and My SE Linux Play MachineTrust and My SE Linux Play Machine
When discussing the machine there are two common comments I get. One is a suggestion that I am putting myself at risk, I think that the risk of visiting[...]
SE Linux Play Machine and PasswordsSE Linux Play Machine and Passwords
My SE Linux Play Machine has been online again since the 18th of March. On Monday the 11th of Feb I took it offline after a user managed to change the[...]
SE Linux Etch Repository for AMD64SE Linux Etch Repository for AMD64
My Etch back-port repository of SE Linux related packages (which I documented in a previous post) now has a complete set of packages for AMD64. From now on I[...]
Debian SE Linux StatusDebian SE Linux Status
At the moment I’ve got more time to work on these things than I have had for a while. I’ve got Etch support going quite well (see my post about[...]
Linux Resource ControlsLinux Resource Controls
Using the “ulimit” controls over process resource use it is possible to limit RAM for processes and to limit the number of processes per UID. The problem is that this[...]
Suse and LCASuse and LCA
I previously wrote about how I gave a talk about SE Linux at a conference spot when a talk about AppArmor was scheduled. It turned out that the Suse people[...]
My LCA TalkMy LCA Talk
Last year at LCA Crispin Cowan suggested to me that I make a joint offer of a combined tutorial on SE Linux and AppArmor as a way of publicly comparing[...]
SE Linux in other DistributionsSE Linux in other Distributions
Recently a user has been asking about SE Linux support in MEPIS [1]. He seems to expect that as the distribution is based on Debian it should have the same[...]
Restorecon Equivalent for Unix PermissionsRestorecon Equivalent for Unix Permissions
SE Linux has a utility named restorecon to set (or reset) the security context. This is useful for many reasons, corrupted filesystems, users removing files or changing the context in[...]