For a few months now I have had a build failure every time I try to generate
an initial ram file system (as my current primary workstation uses a
/usr and LVM for everything except
* busybox: >> Compiling...
* ERROR: Failed to compile the "all" target...
*
* -- Grepping log... --
*
* - busybox-1.7.4-signal-hack.patch …
At today's GSE Linux / GSE Security meeting (in cooperation with IMUG) I gave a small (30 minutes) presentation about what SELinux is. The slides are online and cover two aspects of SELinux: some of its design principles, and then a set of features provided by SELinux. The talk is directed …
Or any other profile for that matter ;-)
A month or so ago we were asked how to enable SELinux on a Gentoo
profile that doesn't have a
<some profilename>/selinux equivalent.
Because we don't create SELinux profiles for all possible profiles out
there, having a way to do this …
A few weeks ago, we introduced an error in the (~arch)
ebuild which caused the following stacktrace to occur every time the
semanage command was invoked:
~ # semanage
Traceback (most recent call last):
  File "/usr/lib/python-exec/python2.7/semanage", line 27, in <module>
    import seobject
  File "/usr/lib64/python2.7 …
I've been away for a while, and this week will (hopefully) be the last week of all the effort that is causing this. And that means I'll get back to blogging, documentation development, SELinux integration, SELinux policy development and more. To be honest, I'm eagerly awaiting this moment of getting …
I blogged about how SELinux decides what the context should be for a particular Linux user; how it checks the default context(s) and tells the SELinux-aware application what the new context should be. Let's look into the C code that does so, and how an application should behave …
Sounds like a stupid question, as the answer is already in the title. If a company has only RedHat Enterprise Linux as allowed / supported Linux platform (be it for a support model requirement, ISV certification, management tooling support or what not) how could or would Gentoo still play a role …
Just a quick pro-tip: if you need to know the environment variables for
a process, you can see them in that process'
file. The file however shows the environment variables on one line, with
a null character as separator. With a simple sed you can show it …
Today a question was raised about how the unprivileged user domain
was allowed to write to
cgroup_t files. There is nothing obvious about
that in the
roles/unprivuser.te file, so what gives?
I used a simple script (which I've been using for a while already) called seshowtree which presents …