Skip to content

Lukas Vrabec

Blogs from SELinux world!

September 4, 2021September 4, 2021 lvrabec

SELinux confined users and MCS benefits

Fedora, SELinux

With SELinux technology it’s possible confine not only system process (as it’s by default used in Fedora, CentOS and Red Hat Enterprise Linux) but also

Read More
April 25, 2020September 4, 2021 lvrabec

Multiple SELinux modules installed on system. Why?

Uncategorized

In current Fedora 32 Beta, if you have freeipa-server package present on your system, you can see that SELinux module “ipa” is enabled twice. You can check it using semodule command.

Read More
February 9, 2020September 4, 2021 lvrabec

Udica & SELinux talks on Devconf.cz and Fosdem 2020

Conferences, Uncategorized

Hi All, January and February are always connected with two great open-source conferences in Europe. First, is Devconf.cz based in Brno Czechia and the second

Read More
September 29, 2019September 4, 2021 lvrabec

How to prove that operation is allowed in SELinux policy?

Uncategorized

Last week colleague of mine asked, how to prove that some operation is allowed in installed SELinux policy? This could be useful when you’re troubleshooting

Read More
June 16, 2019November 18, 2021 lvrabec

Distinguish sysadm and secadm roles

Uncategorized

Today, I would like to focus on more advance feature in SELinux technology which are confined users. I wrote several posts where I described how

Read More
May 12, 2019October 31, 2021 lvrabec

Use udica to build SELinux policy for containers

Uncategorized

Last week article about the udica was published on fedoramagazine.Go and see how easily SELinux policy could be generated for containers! We also collects use

Read More
April 25, 2019 lvrabec

SELinux helped to find security bug in build system!

Fedora, SELinux

Hi All, Two weeks ago, very interesting bug was created against selinux-policy component and assigned to me. Immediately, after first research, there was something really

Read More
April 19, 2019September 14, 2021 lvrabec

Red Hat Brno Open House 2019

Uncategorized

Hi All, We had Open House Brno 2019 and our team Platform Security had talk on this event. Slides are available here, demos are here.

Read More
April 5, 2019September 5, 2021 lvrabec

CVE-2019-5736 runc escape vs. SELinux

Fedora, SELinux

Hi All! Two months ago, very interesting and dangerous CVE was published. It’s CVE-2019-5736 what is vulnerability in runc and allows malicious process in container

Read More
February 3, 2019September 22, 2021 lvrabec

New trick: macro-expander!

Fedora, SELinux

Hi All, Sysadmins and SELinux policy developers are often asking me one simple question. “Lukas, How should I know what allow rules will be allowed

Read More

Posts navigation

Older posts

About Me


Lukas Vrabec Photo
Lukas Vrabec is a product owner & SELinux technology evangelist at Red Hat. He is leading SELinux and Security Special Projects engineering teams. Lukas is a long-term Fedora contributor and Red Hat Enterprise Linux developer. He is the author of udica, the tool for generating custom SELinux profiles for containers.

More Articles

Red Hat Official Blog
Red Hat Sysadmin Blog

About This Site

This site is mainly about SELinux related topics, ideas, tips-tricks.

All Rights Reserved 2022
Proudly powered by WordPress | Theme: Gist by Candid Themes.