Chroots for SELinux enabled applications
by Sven Vermeulen, post on Sun 22 June 2014
Today I had to prepare a chroot jail (thank you grsecurity for the neat
additional chroot protection features) for a SELinux-enabled
application. As a result, "just" making a chroot was insufficient: the
application needed access to /sys/fs/selinux. Of course, granting
access to /sys is not something I like …
SELinux mount options
by Sven Vermeulen, post on Wed 01 May 2013
When you read through the Gentoo Hardened SELinux handbook,
you'll notice that we sometimes update /etc/fstab with some
SELinux-specific settings. So, what are these settings about and are
there more of them?
First of all, let's look at a particular example from the installation instructions so you see what …