Skip to content

Lukas Vrabec

Blogs from SELinux world!

Category: SELinux

September 4, 2021September 4, 2021 lvrabec

SELinux confined users and MCS benefits

Fedora, SELinux

With SELinux technology it’s possible confine not only system process (as it’s by default used in Fedora, CentOS and Red Hat Enterprise Linux) but also

Read More
April 25, 2019 lvrabec

SELinux helped to find security bug in build system!

Fedora, SELinux

Hi All, Two weeks ago, very interesting bug was created against selinux-policy component and assigned to me. Immediately, after first research, there was something really

Read More
April 5, 2019September 5, 2021 lvrabec

CVE-2019-5736 runc escape vs. SELinux

Fedora, SELinux

Hi All! Two months ago, very interesting and dangerous CVE was published. It’s CVE-2019-5736 what is vulnerability in runc and allows malicious process in container

Read More
February 3, 2019September 22, 2021 lvrabec

New trick: macro-expander!

Fedora, SELinux

Hi All, Sysadmins and SELinux policy developers are often asking me one simple question. “Lukas, How should I know what allow rules will be allowed

Read More
December 9, 2018September 5, 2021 lvrabec

Polkit CVE-2018-19788 vs. SELinux

Fedora, SELinux

Hi All, Last month, I wrote about Xorg X server vulnerability and we have a new interesting vulnerability, now in PolicyKit. The exploit is based

Read More
November 2, 2018September 6, 2021 lvrabec

CVE-2018-14665 : Xorg X Server Vulnerabilities vs. SELinux

SELinux

Hi All! There is a new interesting CVE. An incorrect permission check for -modulepath and -logfile options when starting Xorg X server allows unprivileged users

Read More
August 23, 2018September 5, 2021 lvrabec

How get file name from inode number?

Fedora, SELinux

Hi All, I will generate SELinux denial using following command: # cd /root ; passwd –help >& output.txt # ausearch -m AVC -ts recent type=AVC

Read More
July 16, 2018September 9, 2021 lvrabec

How to enable full auditing in audit daemon?

Fedora, SELinux

Full auditing in audit deamon could be useful e.g. to identify which object on system has too tight rules and object is causing dac_override SELinux

Read More
July 3, 2018September 5, 2021 lvrabec

Why do you see DAC_OVERRIDE SELinux denials?

Fedora, SELinux

Hello everyone! You could have seen SELinux denials (AVC messages) in your system in the recent release of Fedora 28 and of course Fedora Rawhide.

Read More
May 10, 2018September 5, 2021 lvrabec

Newest SELinux policy every day!

Fedora, SELinux

SELinux policy for Fedora Rawhide and Fedora 27 is changing very dynamically and new rules are appearing in SELinux policy repositories almost every day. New

Read More

Posts navigation

Older posts

About Me


Lukas Vrabec Photo
Lukas Vrabec is a product owner & SELinux technology evangelist at Red Hat. He is leading SELinux and Security Special Projects engineering teams. Lukas is a long-term Fedora contributor and Red Hat Enterprise Linux developer. He is the author of udica, the tool for generating custom SELinux profiles for containers.

More Articles

Red Hat Official Blog
Red Hat Sysadmin Blog

About This Site

This site is mainly about SELinux related topics, ideas, tips-tricks.

All Rights Reserved 2022
Proudly powered by WordPress | Theme: Gist by Candid Themes.