Hi All, Sysadmins and SELinux policy developers are often asking me one simple question. “Lukas, How should I know what allow rules will be allowed
Hi All, Last month, I wrote about Xorg X server vulnerability and we have a new interesting vulnerability, now in PolicyKit. The exploit is based
Hi All! There is a new interesting CVE. An incorrect permission check for -modulepath and -logfile options when starting Xorg X server allows unprivileged users
Hi All, I will generate SELinux denial using following command: # cd /root ; passwd –help >& output.txt # ausearch -m AVC -ts recent type=AVC
Full auditing in audit deamon could be useful e.g. to identify which object on system has too tight rules and object is causing dac_override SELinux
Hello everyone! You could have seen SELinux denials (AVC messages) in your system in the recent release of Fedora 28 and of course Fedora Rawhide.
SELinux policy for Fedora Rawhide and Fedora 27 is changing very dynamically and new rules are appearing in SELinux policy repositories almost every day. New
Hi SELinux folks, Building selinux-policy rpm package was quite complicated and confusing for developers because of massive patches against Tresys reference base and contrib repositories.
Some time ago, I published a post about shipping custom SELinux modules together with product as rpm subpackage. One of the steps in shipping custom
Hello everyone! Some time ago I introduced first part of shipping own custom module with rpm package of your application. This solution allows you to