Comparing performance with sysbench: memory, threads and mutexes

In the previous post, I gave some feedback on the cpu and fileio workload tests that sysbench can handle. Next on the agenda are the memory, threads and mutex workloads.

When using the memory workload, sysbench will allocate a buffer (provided through the --memory-block-size parameter, defaults to 1kbyte) and each …

more ...

Another Gentoo Hardened month has passed

Another month has passed, so time to mention again what we have all been doing lately ;-)

Toolchain

Version 4.8 of GCC is available in the tree, but currently masked. The package contains a fix needed to build hardened-sources, and a fix for the asan (address sanitizer). asan support in …

more ...



What could SELinux have done to mitigate the postgresql vulnerability?

Gentoo is one of the various distributions which supports SELinux as a Mandatory Access Control system to, amongst other things, mitigate the results of a succesfull exploit against software. So what about the recent PostgreSQL vulnerability?

When correctly configured, the PostgreSQL daemon will run in the postgresql_t domain. In SELinux-speak …

more ...


Not needing run_init for password-less service management

One of the things that has been bugging me was why, even with having pam_rootok.so set in /etc/pam.d/run_init, I cannot enjoy passwordless service management without using run_init directly:

# rc-service postgresql-9.2 status
Authenticating root.
Password:

# run_init rc-service postgresql-9.2 status
Authenticating root.
 * status: started

So I …

more ...


Separate puppet provider for Gentoo/SELinux?

While slowly transitioning my playground infrastructure towards Puppet, I already am in process of creating a custom provider for things such as services. Puppet uses providers as "implementations" for the functions Puppet needs. For instance, for the service type (which handles init script services), there are providers for RedHat, Debian …

more ...