Closing week? No, starting week...

I've been away for a while, and this week will (hopefully) be the last week of all the effort that is causing this. And that means I'll get back to blogging, documentation development, SELinux integration, SELinux policy development and more. To be honest, I'm eagerly awaiting this moment of getting …

more ...




How does foo_t get this privilege?

Today a question was raised how the unprivileged user domain user_t was allowed to write to cgroup_t files. There is nothing obvious about that in the roles/unprivuser.te file, so what gives?

I used a simple script (which I've been using for a while already) called seshowtree which presents …

more ...

Oh it is cron again...

Today I was pointed to the following error:

test fcron[6722]: fcron[6722] 3.1.2 started
test fcron[6722]: Cannot bind socket to '/var/run/fcron.fifo': Permission denied
test fcron[6722]:  "at" reboot jobs will only be run at computer's startup.
test fcron[6722]: updating configuration from …
more ...




Giving weights to compliance rules

Now that we wrote up a few OVAL statements and used those instead of SCE driven checks (where possible), let's finish up and go back to the XCCDF document and see how we can put weights in place.

The CVE (Common Vulnerability Exposure) standard allows for vulnerabilities to be given …

more ...