Simplicity is a form of art...

Chroots for SELinux enabled applications
by Sven Vermeulen, post on Sun 22 June 2014

Today I had to prepare a chroot jail (thank you grsecurity for the neat additional chroot protection features) for a SELinux-enabled application. As a result, "just" making a chroot was insufficient: the application needed access to /sys/fs/selinux. Of course, granting access to /sys is not something I like …

SELinux mount options
by Sven Vermeulen, post on Wed 01 May 2013

When you read through the Gentoo Hardened SELinux handbook, you'll notice that we sometimes update /etc/fstab with some SELinux-specific settings. So, what are these settings about and are there more of them?

First of all, let's look at a particular example from the installation instructions so you see what …