Skip to content

Lukas Vrabec

Blogs from SELinux world!

September 29, 2019 Lukas

How to prove that operation is allowed in SELinux policy?

Uncategorized

Last week colleague of mine asked, how to prove that some operation is allowed in installed SELinux policy? This could be useful when you’re troubleshooting

Read More
June 16, 2019 Lukas

Distinguish sysadm and secadm roles

Uncategorized

Today, I would like to focus on more advance feature in SELinux technology which are confined users. I wrote several posts where I described how

Read More
May 12, 2019May 12, 2019 Lukas

Use udica to build SELinux policy for containers

Uncategorized

Last week article about the udica was published on fedoramagazine.Go and see how easily SELinux policy could be generated for containers! We also collects use

Read More
April 25, 2019April 25, 2019 Lukas

SELinux helped to find security bug in build system!

Fedora, SELinux

Hi All, Two weeks ago, very interesting bug was created against selinux-policy component and assigned to me. Immediately, after first research, there was something really

Read More
April 19, 2019April 19, 2019 Lukas

Red Hat Brno Open House 2019

Uncategorized

Hi All, We had Open House Brno 2019 and our team Platform Security had talk on this event. Slides are available here, demos are here.

Read More
April 5, 2019 Lukas

CVE-2019-5736 runc escape vs. SELinux

Fedora, SELinux

Hi All! Two months ago, very interesting and dangerous CVE was published. It’s CVE-2019-5736 what is vulnerability in runc and allows malicious process in container

Read More
February 3, 2019February 3, 2019 Lukas

New trick: macro-expander!

Fedora, SELinux

Hi All, Sysadmins and SELinux policy developers are often asking me one simple question. “Lukas, How should I know what allow rules will be allowed

Read More
December 9, 2018December 10, 2018 Lukas

Polkit CVE-2018-19788 vs. SELinux

Fedora, SELinux

Hi All, Last month, I wrote about Xorg X server vulnerability and we have a new interesting vulnerability, now in PolicyKit. The exploit is based

Read More
November 2, 2018 Lukas

CVE-2018-14665 : Xorg X Server Vulnerabilities vs. SELinux

SELinux

Hi All! There is a new interesting CVE. An incorrect permission check for -modulepath and -logfile options when starting Xorg X server allows unprivileged users

Read More
August 23, 2018August 24, 2018 Lukas

How get file name from inode number?

Fedora, SELinux

Hi All, I will generate SELinux denial using following command: # cd /root ; passwd –help >& output.txt # ausearch -m AVC -ts recent type=AVC

Read More

Posts navigation

Older posts

About me

Lukas Vrabec is a Senior Software engineer & SELinux technology evangelist at Red Hat. He is part of Security Controls team working on SELinux projects focusing especially on security policies. Lukas is author of udica, the tool for generating custom SELinux profiles for containers and currently maintains the selinux-policy packages for Fedora and Red Hat Enterprise Linux distributions.

About This Site

This site is mainly about SELinux related topics, ideas, tips-tricks.

Search

All Right Reserved 2016
Proudly powered by WordPress | Theme: Gist by Candid Themes.