Showing return code in PS1
by Sven Vermeulen, post on Sun 31 August 2014
If you do daily management on Unix/Linux systems, then checking the return code of a command is something you'll do often. If you do SELinux development, you might not even notice that a command has failed without checking its return code, as policies might prevent the application from showing …
Gentoo Hardened August meeting
by Sven Vermeulen, post on Fri 29 August 2014
Another month has passed, so we had another online meeting to discuss the progress within Gentoo Hardened.
Lead elections
The yearly lead elections within Gentoo Hardened were up again. Zorry (Magnus Granberg) was re-elected as project lead so doesn't need to update his LinkedIn profile yet ;-)
Toolchain
blueness (Anthony G …
Switching to new laptop
by Sven Vermeulen, post on Tue 19 August 2014
I'm slowly but surely starting to switch to a new laptop. The old one hasn't completely died (yet) but given that I had to force its CPU frequency at the lowest Hz or the CPU would burn (and the system suddenly shut down due to heat issues), and that the …
Some changes under the hood
by Sven Vermeulen, post on Sat 09 August 2014
In between conferences, technical writing jobs and traveling, we did a few changes under the hood for SELinux in Gentoo.
First of all, new policies are bumped and also stabilized (2.20130411-r3 is now stable, 2.20130411-r5 is ~arch). These have a few updates (mergers from upstream), and r5 also …
Gentoo Hardened July meeting
by Sven Vermeulen, post on Fri 01 August 2014
I failed to show up myself (I fell asleep - kids are fun, but deplete your energy source quickly), but that shouldn't prevent me from making a nice write-up of the meeting.
Toolchain
GCC 4.9 gives some issues with kernel compilations and other components. Lately, breakage has been reported with …
Segmentation fault when emerging packages after libpcre upgrade?
by Sven Vermeulen, post on Wed 09 July 2014
SELinux users might be facing failures when emerge is merging a package to the file system, with an error that looks like so:
>>> Setting SELinux security labels
/usr/lib64/portage/bin/misc-functions.sh: line 1112: 23719 Segmentation fault /usr/sbin/setfiles "${file_contexts_path}" -r "${D}" "${D}"
* ERROR: dev-libs/libpcre-8.35::gentoo …
Multilib in Gentoo
by Sven Vermeulen, post on Wed 02 July 2014
One of the areas in Gentoo that is seeing lots of active development is its ongoing effort to have proper multilib support throughout the tree. In the past, this support was provided through special emulation packages, but those have the (serious) downside that they are often outdated, sometimes even having …
D-Bus and SELinux
by Sven Vermeulen, post on Mon 30 June 2014
After a post about D-Bus comes the inevitable related post about SELinux with D-Bus.
Some users might not know that D-Bus is an SELinux-aware application. That means it has SELinux-specific code in it, which has the D-Bus behavior based on the SELinux policy (and might not necessarily honor the "permissive …
D-Bus, quick recap
by Sven Vermeulen, post on Sun 29 June 2014
I've never fully investigated the what and how of D-Bus. I know it is some sort of IPC, but higher level than the POSIX IPC methods. After some reading, I think I start to understand how it works and how administrators can work with it. So a quick write-down is …
Chroots for SELinux enabled applications
by Sven Vermeulen, post on Sun 22 June 2014
Today I had to prepare a chroot jail (thank you grsecurity for the neat additional chroot protection features) for a SELinux-enabled application. As a result, "just" making a chroot was insufficient: the application needed access to /sys/fs/selinux. Of course, granting access to /sys is not something I like …