With SELinux technology it’s possible confine not only system process (as it’s by default used in Fedora, CentOS and Red Hat Enterprise Linux) but also
In current Fedora 32 Beta, if you have freeipa-server package present on your system, you can see that SELinux module “ipa” is enabled twice. You can check it using semodule command.
Hi All, January and February are always connected with two great open-source conferences in Europe. First, is Devconf.cz based in Brno Czechia and the second
Last week colleague of mine asked, how to prove that some operation is allowed in installed SELinux policy? This could be useful when you’re troubleshooting
Today, I would like to focus on more advance feature in SELinux technology which are confined users. I wrote several posts where I described how
Last week article about the udica was published on fedoramagazine.Go and see how easily SELinux policy could be generated for containers! We also collects use
Hi All, Two weeks ago, very interesting bug was created against selinux-policy component and assigned to me. Immediately, after first research, there was something really
Hi All, We had Open House Brno 2019 and our team Platform Security had talk on this event. Slides are available here, demos are here.
Hi All! Two months ago, very interesting and dangerous CVE was published. It’s CVE-2019-5736 what is vulnerability in runc and allows malicious process in container
Hi All, Sysadmins and SELinux policy developers are often asking me one simple question. “Lukas, How should I know what allow rules will be allowed