Simplicity is a form of art...

Moving closer to 2.4 stabilization
by Sven Vermeulen, post on Mon 27 April 2015

The SELinux userspace project released version 2.4 in February this year, after release candidates had been tested for half a year. After its release, we at the Gentoo Hardened project have been working hard to integrate it within Gentoo. This effort has been made a bit more difficult …

Trying out Pelican, part one
by Sven Vermeulen, post on Fri 06 March 2015

One of the goals I've set myself to do this year (not as a new year resolution though, I *really* want to accomplish this ;-) is to move my blog from WordPress to a statically built website. And Pelican looks to be a good solution to do so. It's based on …

CIL and attributes
by Sven Vermeulen, post on Sun 15 February 2015

I keep on struggling to remember this, so let's make a blog post out of it ;-)

When the SELinux policy is being built, recent userspace (2.4 and higher) will convert the policy into CIL language, and then build the binary policy. When the policy supports type attributes, these are …

Have dhcpcd wait before backgrounding
by Sven Vermeulen, post on Sun 08 February 2015

Many of my systems use DHCP for obtaining IP addresses. Even though they all receive a static IP address, it allows me to have them moved over (migrations), use TFTP boot, cloning (in case of quick testing), etc. But one of the things that was making my efforts somewhat more …

Old Gentoo system? Not a problem...
by Sven Vermeulen, post on Wed 21 January 2015

If you have a very old Gentoo system that you want to upgrade, you might have some issues with too old software and Portage which can't just upgrade to a recent state. Although many methods exist to work around it, one that I have found to be very useful is …

SELinux is great for enterprises (but many don't know it yet)
by Sven Vermeulen, post on Sat 03 January 2015

Large companies that handle their own IT often have internal support teams for many of the technologies that they use. Most of the time, this is for reusable components like database technologies, web application servers, operating systems, middleware components (like file transfers, messaging infrastructure, ...) and more. All components that are …

Gentoo Wiki is growing
by Sven Vermeulen, post on Sat 03 January 2015

Perhaps it is because of the winter holidays, but the last weeks I've noticed a lot of updates and edits on the Gentoo wiki.

The move to the Tyrian layout, whose purpose is to eventually become the unified layout for all Gentoo resources, happened first. Then, three common templates (Code …

Why does it access /etc/shadow?
by Sven Vermeulen, post on Tue 30 December 2014

While updating the SELinux policy for the Courier IMAP daemon, I noticed that it (well, the authdaemon that is part of Courier) wanted to access /etc/shadow, which is of course a big no-no. It doesn't take long to know that this is through the PAM support (more specifically, pam …

Added UEFI instructions to AMD64/x86 handbooks
by Sven Vermeulen, post on Tue 23 December 2014

I just finished up adding some UEFI instructions to the Gentoo handbooks for AMD64 and x86 (I don't know how many systems are still using x86 instead of the AMD64 one, and if those support UEFI, but the instructions are shared and they don't collide). The entire EFI stuff can …

Handbooks moved
by Sven Vermeulen, post on Sun 14 December 2014

Yesterday the move of the Gentoo Wiki for the Gentoo handbooks (whose most important part is the installation instructions for the various supported architectures) was concluded, with a last-minute addition being the one-page views so that users who want to can view the installation instructions completely within one view …