Author Archives: swift
On the new SELinux profiles
Ever since Anthony put in the new SELinux profiles – which was long overdue – they have seen quite a few tests and the necessary, evolutionary updates. No changes that broke things, no oddities that would give a WTF to … Continue reading
Posted in Hardened
Gentoo Hardened SELinux state
Since last post, we’ve been working on the further stabilization and bug fixing of the SELinux policies within Gentoo Hardened. You might have noticed that we started working on the QA of the packages, like I promised in the last … Continue reading
Posted in Hardened, SELinux, Uncategorized
What’s next after stabilization?
The last few weeks have shown quite a few interesting improvements on Gentoo Hardened’s SELinux state. We now have improved (simplified) Gentoo profile support, supporting SELinux on no-multilib (an often requested feature, now finally in), we stabilized the 2.20101213 policies … Continue reading
Posted in Hardened
Policy 25, 26
Recently I’ve seen quite a few messages on IRC pop up about policy.25 or even policy.26 so I harassed the guys in the chat channel to talk about it. Apparently, these new binary policy formats add support for filename transitions … Continue reading
Posted in SELinux
2 Comments
SELinux file contexts
If you have been working with SELinux for a while, you know that file contexts are an important part of the policy and its enforcement. File contexts are used to inform the SELinux tools which type a file, directory, socket, … Continue reading
Posted in Hardened, SELinux
SELinux Gentoo profile updates
The SELinux support within Gentoo Hardened is continuing to go forward. Anthony G. Basile has been working on the new SELinux Gentoo profiles which were in dire need of updates. With the rework, we’ll also support the AMD64 no-multilib environment … Continue reading
Posted in Hardened
SELinux User-Based Access Control
Within the reference policy, support is given to a feature called UBAC constraints. Here, UBAC stands for User Based Access Control. The idea behind the constraint is that any activity between two types (say foo_t and bar_t) can be prohibited … Continue reading
Posted in Hardened, SELinux
15 Comments
SELinux and noatsecure, or why portage complains about LD_PRELOAD and libsandbox.so
If you’re fiddling with SELinux policies, you will eventually notice that the reference policy by default hides certain privilege requests (which are denied). One of them is noatsecure. But what is noatsecure? To describe noatsecure, I first need to describe … Continue reading
Posted in Hardened, SELinux
cvechecker 3.0
I’m pleased to announce the immediate availability of cvechecker 3.0. It contains two major feature enhancements: watchlists and MySQL support. Watchlists allow cvechecker to track and report on CVEs for software that cvechecker didn’t detect on the system (or perhaps … Continue reading
Posted in cvechecker
cvechecker updates
The in-svn version of cvechecker has seen quite a few changes in the last few days. I’m adding support for MySQL to it. This support will be added in three steps: support the same features as cvechecker currently does using … Continue reading
Posted in cvechecker