Capabilities are a way to run processes with some privileges without having to grant them root privileges, so it is important to understand that they exist, whether you are a system administrator, an auditor or in another security-related function. Having processes run as a non-root user …more ...
Capabilities. You probably have heard of them already, but when you start developing SELinux policies, you'll notice that you come in closer contact with them than before. This is because SELinux, when applications want to do something "root-like", checks the capability of that application. Without SELinux, this either requires the …more ...
When you read through the Gentoo Hardened SELinux you'll notice that we sometimes update /etc/fstab with some SELinux-specific settings. So, what are these settings about and are there more of them?
First of all, let's look at a particular example from the installation instructions so you see what …more ...
I recently came across libffi again. No, not because it was mentioned during the Gentoo Hardened online meeting, but /var/tmp wasn't mounted correctly, and emerge (actually python) uses libffi. Most users won't notice this, because libffi works behind the scenes. But when it fails, it fails bad …
Sometimes, especially when users are converting their systems to be SELinux-enabled, their user context is wrong. An example would be when, after logon (in permissive mode), the user is in the system_u:system_r:local_login_t domain instead of a user domain like
So, how does a login get …