Gentoo Summer of Documentation - Let's do it!
by Sven Vermeulen, post on Fri 29 June 2012The Gentoo Wiki folks have started a great idea (and immediately set a nice milestone), namely the Gentoo Wiki Summer of Documentation. By september, they want to double the amount of articles on the wiki.
I'll surely help out and participate where I can, and perhaps we can even go …
Had to edit /etc/init.d/root
by Sven Vermeulen, post on Sun 24 June 2012For some reason, I had to edit my /etc/init.d/root file to use "mount /dev/root -n -o remount,rw /" instead of the standard "mount -n -o remount,rw /". Without this, it failed to remount the root file system in a read-write mode, which is of course not …
Overview of SELinux changes
by Sven Vermeulen, post on Sun 24 June 2012Most users of Gentoo hardly take a look at the (installation) documentation when their installation has finished. After all, being a rolling distribution, there is little need to take a look at the instructions again. And for most Gentoo users, changes that are needed to be reviewed by existing users …
Python 3 support for SELinux userland, tests and policy rev 10
by Sven Vermeulen, post on Sat 26 May 2012In the last few hours I pushed my local changes on the SELinux userland utilities towards the hardened-development overlay. The utilities not only include some bugfixes, but have now also seen a first set of tests towards Python 3.2. In the past, I've made a few attempts at making …
Catching up, but stuff is piling...
by Sven Vermeulen, post on Thu 24 May 2012Those that are frequent the #gentoo-hardened chat channel know that I'm currently trying to get the SELinux related utilities working under Python 3. This has progressed quite far, but I'm still not there yet. I'm now hitting a weird bug which seems to come down to an incorrect free() on …
Keeping /selinux
by Sven Vermeulen, post on Fri 04 May 2012Just a very quick paragraph on a just-reported issue: if you upgrade
your SELinux utilities to the latest version and you switch from
/selinux to /sys/fs/selinux as the mountpoint for the SELinux file
system, you might get into issues. Apparently, init (which is
responsible for mounting the SELinux …
20120215 policies now stable
by Sven Vermeulen, post on Sun 29 April 2012Today I've stabilized the sec-policy/selinux-* packages that provide
the 20120215 "series" of SELinux policies. Together with the
stabilization, the more recent userspace tools (like the policycoreutils
as well as libraries like libsemanage and libselinux) have been pushed
out as well. I will be dropping the older policies and userspace …
Linux Sea now in ePub
by Sven Vermeulen, post on Fri 20 April 2012On request of Matthew Marchese, I now automatically build an ePub version of Linux Sea for those that like to read such resources on a digital reader. Thanks to the use of DocBook, this was simply a matter of using its xsl-stylesheets/epub/docbook.xsl stylesheet against the DocBook sources …
Why both chroot and SELinux?
by Sven Vermeulen, post on Sun 15 April 2012In my previous post, a very valid question was raised by Alexander E. Patrakov: why still use chroot if you have SELinux?
Both chroot (especially with the additional restrictions that grSecurity enables on chroots that make it more difficult to break out of a chroot) and SELinux try to isolate …
Chrooted BIND for IPv6 with SELinux
by Sven Vermeulen, post on Sat 14 April 2012BIND, or Berkeley Internet Name Domain, is one of the Internet's most popular domain name service software (DNS). It has seen its set of security flaws in the past, which is not that strange as it is such a frequently used service on the Internet. In this post, I'll give …