Fixing the busybox build failure

Since a few months I have a build failure every time I try to generate an initial ram file system (as my current primary workstation uses a separate /usr and LVM for everything except /boot):

* busybox: >> Compiling...
* ERROR: Failed to compile the "all" target...
* 
* -- Grepping log... --
* 
*           - busybox-1.7.4-signal-hack.patch …
more ...


Create your own SELinux Gentoo profile

Or any other profile for that matter ;-)

A month or so ago we got the question how to enable SELinux on a Gentoo profile that doesn't have a <some profilename>/selinux equivalent. Because we don't create SELinux profiles for all possible profiles out there, having a way to do this …

more ...

Hidden symbols and dynamic linking

A few weeks ago, we introduced an error in the (\~arch) libselinux ebuild which caused the following stacktrace to occur every time the semanage command was invoked:

~ # semanage
Traceback (most recent call last):
  File "/usr/lib/python-exec/python2.7/semanage", line 27, in 
    import seobject
  File "/usr/lib64/python2.7 …
more ...

Closing week? No, starting week...

I've been away for a while, and this week will (hopefully) be the last week of all the effort that is causing this. And that means I'll get back to blogging, documentation development, SELinux integration, SELinux policy development and more. To be honest, I'm eagerly awaiting this moment of getting …

more ...




How does foo_t get this privilege?

Today a question was raised how the unprivileged user domain user_t was allowed to write to cgroup_t files. There is nothing obvious about that in the roles/unprivuser.te file, so what gives?

I used a simple script (which I've been using for a while already) called seshowtree which presents …

more ...