Preliminary SELinux MCS support in Gentoo Hardened
by Sven Vermeulen, post on Thu 21 July 2011
Users tracking the hardened-dev overlay for SELinux packages will notice yet another update on the selinux-base-policy package. This time however, the change is a little more than just a policy update. With this new revision, preliminary support for Multi-Category Security (aka MCS) is added.
MCS is an update on the …
On the new SELinux profiles
by Sven Vermeulen, post on Thu 14 July 2011
Ever since Anthony put in the new SELinux profiles - which was long due - they have seen quite a few tests and the necessary, evolutionary updates. No changes that broke things, no oddities that would give a WTF to whomever is using it. The latest updates were to remove some obsolete …
Gentoo Hardened SELinux state
by Sven Vermeulen, post on Sat 09 July 2011
Since last post, we've been working on the further stabilization and bug fixing of the SELinux policies within Gentoo Hardened. You might have noticed that we started working on the QA of the packages, like I promised in the last post. The binaries within selinux-base-policy are now published somewhere on …
What's next after stabilization?
by Sven Vermeulen, post on Mon 13 June 2011
The last few weeks have shown quite a few interesting improvements on Gentoo Hardened's SELinux state. We now have improved (simplified) Gentoo profile support, supporting SELinux on no-multilib (an often requested feature, now finally in), we stabilized the 2.20101213 policies that are in the tree and are cleaning up …
SELinux Gentoo profile updates
by Sven Vermeulen, post on Tue 03 May 2011
The SELinux support within Gentoo Hardened is continuing to go forward. Anthony G. Basile has been working on the new SELinux Gentoo profiles which were in dire need of updates. With the rework, we'll also support the AMD64 no-multilib environment properly. With the new profiles we'll also make USE="open_perms …
Restoring configuration files on Gentoo
by Sven Vermeulen, post on Sat 19 March 2011
If you work with Gentoo, you're probably aware of tools like etc-update and dispatch-conf. If you use dispatch-conf, you might know that it supports rcs for version control of the changes it makes. But if you have enabled it, you might be wondering how to actually restore configuration files with …
Updates on the Gentoo Hardened SELinux state
by Sven Vermeulen, post on Wed 02 March 2011
For those following the progress of SELinux support in Gentoo Hardened...
In the hardened-development overlay, the selinux-base-policy package has been updated, hopefully fixing a nasty issue with support for the targeted policy (up to today, I only tested strict policies so I missed that). It also fixes an issue with …
"Gentoo in production?" Oh no, not again...
by Sven Vermeulen, post on Fri 21 January 2011
I think it is that time of the year again, where people get some crazy ideas. Again I discussed what must be the gazillion-th time I've been asked "Do you think Gentoo is ripe for use in production?". Honestly, I always tell myself to ignore those discussions but I've …
Why I have backups
by Sven Vermeulen, post on Thu 30 December 2010
You often read stories about people who have data loss and did not keep any (recent) backups, and are now fully equipped with a state-of-the-art backup mechanism. So no - no such failure story here but an example why backups are important.
Yesterday I had a vicious RAID/LVM failure. Due …
Switching to hardened
by Sven Vermeulen, post on Sun 12 September 2010
Yesterday (and this night) I successfully converted my system to a Gentoo Hardened system. In my case, this currently means that PaX has been enabled and I am currently running the system (which is an x86_64 laptop) with SELinux in permissive mode (so it won't enforce the policies yet, but …