Use change management when you are using SELinux to its fullest
by Sven Vermeulen, post on Thu 30 April 2015
If you are using SELinux on production systems (by which I mean systems that you offer services with towards customers or other parties beyond you, yourself and your ego), please consider proper change management if you don't do so already. SELinux is a very sensitive security subsystem - not in the sense …
Moving closer to 2.4 stabilization
by Sven Vermeulen, post on Mon 27 April 2015
The SELinux userspace project released version 2.4 in February this year, after release candidates had been tested for half a year. After its release, we at the Gentoo Hardened project have been working hard to integrate it within Gentoo. This effort has been made a bit more difficult …
Trying out Pelican, part one
by Sven Vermeulen, post on Fri 06 March 2015
One of the goals I've set myself to do this year (not as a new year resolution though, I *really* want to accomplish this ;-) is to move my blog from WordPress to a statically built website. And Pelican looks to be a good solution to do so. It's based on …
CIL and attributes
by Sven Vermeulen, post on Sun 15 February 2015
I keep on struggling to remember this, so let's make a blog post out of it ;-)
When the SELinux policy is being built, recent userspace (2.4 and higher) will convert the policy into CIL language, and then build the binary policy. When the policy supports type attributes, these are …
Have dhcpcd wait before backgrounding
by Sven Vermeulen, post on Sun 08 February 2015
Many of my systems use DHCP for obtaining IP addresses. Even though they all receive a static IP address, it allows me to have them moved over (migrations), use TFTP boot, cloning (in case of quick testing), etc. But one of the things that was making my efforts somewhat more …
Old Gentoo system? Not a problem...
by Sven Vermeulen, post on Wed 21 January 2015
If you have a very old Gentoo system that you want to upgrade, you might have some issues with too old software and Portage which can't just upgrade to a recent state. Although many methods exist to work around it, one that I have found to be very useful is …
SELinux is great for enterprises (but many don't know it yet)
by Sven Vermeulen, post on Sat 03 January 2015
Large companies that handle their own IT often have internal support teams for many of the technologies that they use. Most of the time, this is for reusable components like database technologies, web application servers, operating systems, middleware components (like file transfers, messaging infrastructure, ...) and more. All components that are …
Gentoo Wiki is growing
by Sven Vermeulen, post on Sat 03 January 2015
Perhaps it is because of the winter holidays, but the last weeks I've noticed a lot of updates and edits on the Gentoo wiki.
The move to the Tyrian layout, whose purpose is to eventually become the unified layout for all Gentoo resources, happened first. Then, three common templates (Code …
Why does it access /etc/shadow?
by Sven Vermeulen, post on Tue 30 December 2014
While updating the SELinux policy for the Courier IMAP daemon, I noticed that it (well, the authdaemon that is part of Courier) wanted to access /etc/shadow, which is of course a big no-no. It doesn't take long to know that this is through the PAM support (more specifically, pam_unix …
Added UEFI instructions to AMD64/x86 handbooks
by Sven Vermeulen, post on Tue 23 December 2014
I just finished up adding some UEFI instructions to the Gentoo handbooks for AMD64 and x86 (I don't know how many systems are still using x86 instead of the AMD64 one, and if those support UEFI, but the instructions are shared and they don't collide). The entire EFI stuff can …