Simplicity is a form of art...

Using strace to troubleshoot SELinux problems
by Sven Vermeulen, post on Wed 24 April 2013

When SELinux is playing tricks on you, you can just "allow" whatever it wants to do, but that is not always an option: sometimes, there is no denial in sight because the problem lies within SELinux-aware applications (applications that might change their behavior based on what the policy says or …

SLOT'ing the old swig-1
by Sven Vermeulen, post on Tue 23 April 2013

The SWIG tool helps developers in building interfaces/libraries that can be accessed from many other languages than the ones the library is initially written in or for. The SELinux userland utility setools uses it to provide Python and Ruby interfaces even though the application itself is written in C …

Mitigating DDoS attacks
by Sven Vermeulen, post on Mon 22 April 2013

Lately, DDoS attacks have been in the news more than I was hoping for. It seems that the botnets or other methods that are used to generate high-volume traffic to a legitimate service are becoming more and more easy to get and direct. At the time that I'm writing this …

Introducing selocal for small SELinux policy enhancements
by Sven Vermeulen, post on Sun 21 April 2013

When working with a SELinux-enabled system, administrators will eventually need to make small updates to the existing policy. Instead of building their own full policy (always an option, but most likely not maintainable in the long term) one or more SELinux policy modules are created (most distributions use a modular …

Transforming GuideXML to DocBook
by Sven Vermeulen, post on Sat 20 April 2013

I recently committed an XSL stylesheet that allows us to transform the GuideXML documents (both guides and handbooks) to DocBook. This isn't part of a more elaborate move to try and push DocBook instead of GuideXML for the Gentoo Documentation though (I'd rather direct documentation development more to the Gentoo …

Comparing performance with sysbench: performance analysis
by Sven Vermeulen, post on Fri 19 April 2013

So in the past few posts I discussed how sysbench can be used to simulate some workloads, specific to a particular set of tasks. I used the benchmark application to look at the differences between the guest and host on my main laptop, and saw a major performance regression with …

Comparing performance with sysbench: memory, threads and mutexes
by Sven Vermeulen, post on Fri 19 April 2013

In the previous post, I gave some feedback on the cpu and fileio workload tests that sysbench can handle. Next on the agenda are the memory, threads and mutex workloads.

When using the memory workload, sysbench will allocate a buffer (provided through the --memory-block-size parameter, defaults to 1kbyte) and each …

Another Gentoo Hardened month has passed
by Sven Vermeulen, post on Thu 18 April 2013

Another month has passed, so time to mention again what we have all been doing lately ;-)

Toolchain

Version 4.8 of GCC is available in the tree, but currently masked. The package contains a fix needed to build hardened-sources, and a fix for the asan (address sanitizer). asan support in …

Comparing performance with sysbench: cpu and fileio
by Sven Vermeulen, post on Thu 18 April 2013

Being busy with virtualization and additional security measures, I frequently come in contact with people asking me what the performance impact is. Now, you won't find the performance impact of SELinux here as I have no guests nor hosts that run without SELinux. But I did want to find out …

Simple drawing for I/O positioning
by Sven Vermeulen, post on Thu 18 April 2013

Instead of repeatedly trying to create an overview of the various layers involved with I/O operations within Linux on whatever white-board is in the vicinity, I decided to draw one up in Draw.io that I can then update as I learn more from this fascinating world. The drawing's …