Simplicity is a form of art...

SELinux and noatsecure, or why portage complains about LD_PRELOAD and libsandbox.so
by Sven Vermeulen, post on Fri 22 April 2011

If you're fiddling with SELinux policies, you will eventually notice that the reference policy by default hides certain privilege requests (which are denied). One of them is noatsecure. But what is noatsecure? To describe noatsecure, I first need to describe what atsecure is. And to describe what that is, we …

cvechecker 3.0
by Sven Vermeulen, post on Tue 12 April 2011

I'm pleased to announce the immediate availability of cvechecker 3.0. It contains two major feature enhancements: watchlists and MySQL support.

Watchlists allow cvechecker to track and report on CVEs for software that cvechecker didn't detect on the system (or perhaps even isn't installed on the system). You can use …

cvechecker updates
by Sven Vermeulen, post on Sun 27 March 2011

The in-svn version of cvechecker has seen quite a few changes in the last few days. I'm adding support for MySQL to it. This support will be added in three steps:

  1. support the same features as cvechecker currently does using sqlite
  2. streamline the database code so that duplicate code in …

Restoring configuration files on Gentoo
by Sven Vermeulen, post on Sat 19 March 2011

If you work with Gentoo, you're probably aware of tools like etc-update and dispatch-conf. If you use dispatch-conf, you might know that it supports rcs for version control of the changes it makes. But if you have enabled it, you might be wondering how to actually restore configuration files with …

Updates on SELinux docs, added FAQ
by Sven Vermeulen, post on Wed 09 March 2011

As you're probably noticing from my twitter feed and the various posts earlier in my blog, I'm helping out with the Gentoo Hardened folks to get the SELinux support state up to par. Today, the Gentoo Hardened/SELinux Handbook had a few updates, but the most important change is that …

Portage fails to build due to SELinux?
by Sven Vermeulen, post on Thu 03 March 2011

If you're having trouble getting Portage to build packages due to SELinux, then the reason usually is that it is unable to transition to the proper portage domains. You'll get a nice OSError back with an ugly backtrace, saying somewhere that "setexeccon" is misbehaving.

Now, the real issue (not being …

Updates on the Gentoo Hardened SELinux state
by Sven Vermeulen, post on Wed 02 March 2011

For those following the progress of SELinux support in Gentoo Hardened...

In the hardened-development overlay, the selinux-base-policy package has been updated, hopefully fixing a nasty issue with support for the targeted policy (up to today, I only tested strict policies so I missed that). It also fixes an issue with …

Temporary script for Gentoo Hardened SELinux users
by Sven Vermeulen, post on Sun 27 February 2011

If you are currently using Gentoo Hardened with SELinux, you might have noticed that we are currently lacking the proper dependencies within our Portage tree upon the SELinux policies (or, in other words, installing a package doesn't guarantee that the SELinux policy needed for that package is pulled in as …

About time...
by Sven Vermeulen, post on Thu 24 February 2011

I was just wondering why "UTC" stood for "Coordinated Universal Time". Apparently (okay, citing Wikipedia here, so be critical), it's for two main reasons: English- and French-speaking folks that were participating in that discussion wanted their language to be represented in the abbreviation (English wants "CUT - Coordinated Universal Time …

cvechecker update
by Sven Vermeulen, post on Sat 19 February 2011

A while ago, I got the request to enhance cvechecker with support for providing a list of installed software (or software you want to watch over with cvechecker) even if cvechecker isn't able to detect that software on your system. I've implemented this and it is currently available in the …