-
Archives
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- February 2010
- January 2010
- December 2009
- October 2009
- September 2009
- August 2009
- April 2009
- February 2009
- December 2008
- September 2008
- August 2008
-
Meta
Category Archives: SELinux
SELinux Gentoo/Hardened state 2011-12-19
On december 14th, the Gentoo Hardened project had its monthly online meeting to discuss the current state of affairs of its projects and subprojects. Amongst them, the updates on the SELinux-front were presented as well. Since last meeting, the follow … Continue reading
Posted in Hardened, SELinux
2 Comments
SELinux’ 2011/07 releases now stable
A few minutes ago, I stabilized both the 2.20110726 policies as well as the SELinux userspace utilities that were stable (upstream) on 20110727. With the change, I also updated the Gentoo SELinux Handbook with the changes I presented on our … Continue reading
Posted in Hardened, SELinux
Leave a comment
Gentoo Hardened SELinux policies, rev 5
I’ve pushed out selinux-base-policy version 2.20110726-r5 to the hardened-dev overlay. It does not hold huge changes, most of them are rewrites or updates on pre-existing patches (on the SELinux policies) to make them conform the refpolicy naming conventions and other … Continue reading
Posted in Hardened, SELinux
Leave a comment
Mitigating risks, part 4 – Mandatory Access Control
I’ve talked about service isolation earlier and the risks that it helps to mitigate. However, many applications still run as highly privileged accounts, or can be abused to execute more functions than intended. Service isolation doesn’t help there, and system … Continue reading
Posted in Architecture, Hardened, Security, SELinux
1 Comment
Now using refpolicy 2.20110726
A few days ago, I committed the SELinux policy modules that are based on the 2.20110726 set released upstream. For those that are using Gentoo Hardened with SELinux, you’ll find them if you use the ~arch set for the sec-policy … Continue reading
Posted in Hardened, SELinux
Leave a comment
Easy documentation updates thanks to the many contributions
As mentioned previously, I took a stab at the Gentoo Guide to OpenLDAP Authentication, updating its configuration settings as well as give an introduction to its replication mechanism. Although I am no OpenLDAP guru at all, I set up a … Continue reading
Posted in Gentoo, Hardened, SELinux
Leave a comment
Preliminary SELinux MCS support in Gentoo Hardened
Users tracking the hardened-dev overlay for SELinux packages will notice yet another update on the selinux-base-policy package. This time however, the change is a little more than just a policy update. With this new revision, preliminary support for Multi-Category Security … Continue reading
Posted in Hardened, SELinux
Leave a comment
Some people on #selinux are … dolphins
A very useful resource for anyone working on or with SELinux policies is the #selinux chat channel on irc.freenode.net. People like Dominick Grift and Dan Walsh you would first think are IRC bots (being online all the time, answering questions), … Continue reading
Posted in SELinux
Leave a comment
Gentoo Hardened SELinux state
Since last post, we’ve been working on the further stabilization and bug fixing of the SELinux policies within Gentoo Hardened. You might have noticed that we started working on the QA of the packages, like I promised in the last … Continue reading
Posted in Hardened, SELinux, Uncategorized
Leave a comment
Policy 25, 26
Recently I’ve seen quite a few messages on IRC pop up about policy.25 or even policy.26 so I harassed the guys in the chat channel to talk about it. Apparently, these new binary policy formats add support for filename transitions … Continue reading
Posted in SELinux
2 Comments