With SELinux technology it’s possible confine not only system process (as it’s by default used in Fedora, CentOS and Red Hat Enterprise Linux) but also
Category: SELinux
SELinux helped to find security bug in build system!
Hi All, Two weeks ago, very interesting bug was created against selinux-policy component and assigned to me. Immediately, after first research, there was something really
CVE-2019-5736 runc escape vs. SELinux
Hi All! Two months ago, very interesting and dangerous CVE was published. It’s CVE-2019-5736 what is vulnerability in runc and allows malicious process in container
New trick: macro-expander!
Hi All, Sysadmins and SELinux policy developers are often asking me one simple question. “Lukas, How should I know what allow rules will be allowed
Polkit CVE-2018-19788 vs. SELinux
Hi All, Last month, I wrote about Xorg X server vulnerability and we have a new interesting vulnerability, now in PolicyKit. The exploit is based
CVE-2018-14665 : Xorg X Server Vulnerabilities vs. SELinux
Hi All! There is a new interesting CVE. An incorrect permission check for -modulepath and -logfile options when starting Xorg X server allows unprivileged users
How get file name from inode number?
Hi All, I will generate SELinux denial using following command: # cd /root ; passwd –help >& output.txt # ausearch -m AVC -ts recent type=AVC
How to enable full auditing in audit daemon?
Full auditing in audit deamon could be useful e.g. to identify which object on system has too tight rules and object is causing dac_override SELinux
Why do you see DAC_OVERRIDE SELinux denials?
Hello everyone! You could have seen SELinux denials (AVC messages) in your system in the recent release of Fedora 28 and of course Fedora Rawhide.
Newest SELinux policy every day!
SELinux policy for Fedora Rawhide and Fedora 27 is changing very dynamically and new rules are appearing in SELinux policy repositories almost every day. New