Skip to content

Lukas Vrabec

Blogs from SELinux world!

November 2, 2018 Lukas

CVE-2018-14665 : Xorg X Server Vulnerabilities vs. SELinux

SELinux

Hi All! There is a new interesting CVE. An incorrect permission check for -modulepath and -logfile options when starting Xorg X server allows unprivileged users

Read More
August 23, 2018August 24, 2018 Lukas

How get file name from inode number?

Fedora, SELinux

Hi All, I will generate SELinux denial using following command: # cd /root ; passwd –help >& output.txt # ausearch -m AVC -ts recent type=AVC

Read More
July 16, 2018July 16, 2018 Lukas

How to enable full auditing in audit daemon?

Fedora, SELinux

Full auditing in audit deamon could be useful e.g. to identify which object on system has too tight rules and object is causing dac_override SELinux

Read More
July 3, 2018July 10, 2018 Lukas

Why do you see DAC_OVERRIDE SELinux denials?

Fedora, SELinux

Hello everyone! You could have seen SELinux denials (AVC messages) in your system in the recent release of Fedora 28 and of course Fedora Rawhide.

Read More
May 10, 2018May 10, 2018 Lukas

Newest SELinux policy every day!

Fedora, SELinux

SELinux policy for Fedora Rawhide and Fedora 27 is changing very dynamically and new rules are appearing in SELinux policy repositories almost every day. New

Read More
January 9, 2018May 10, 2018 Lukas

No more massive patches in selinux-policy rpm package

Fedora, SELinux

Hi SELinux folks, Building selinux-policy rpm package was quite complicated and confusing for developers because of massive patches against Tresys reference base and contrib repositories.

Read More
March 18, 2017 Lukas

Using rpm macros in product SELinux subpackages

Uncategorized

Some time ago, I published a post about shipping custom SELinux modules together with product as rpm subpackage. One of the stepsĀ  in shipping custom

Read More
March 18, 2017 Lukas

Shipping custom module using SELinux priorities

Uncategorized

Hello everyone! Some time ago I introduced first part of shipping own custom module with rpm package of your application. This solution allows you to

Read More
September 19, 2016May 10, 2018 Lukas

Creating local module quickly in CIL!

Fedora, SELinux

Welcome! Today, I’ll show you how to create local policy module for testing purposes or workaround while issue will be fixed in our distro selinux-policy.

Read More
August 17, 2016 Lukas

How to modify SELinux module from distro policy?

Uncategorized

Hi! Today, I’ll show you how to modify SELinux module from distro policy without rebuilding whole selinux-policy rpm package. This can be useful during testing

Read More

Posts navigation

Older posts
Newer posts

About me

Lukas Vrabec is a product owner & SELinux technology evangelist at Red Hat. He is leading SELinux and Security Special Projects engineering teams. Lukas is a long-term Fedora contributor and Red Hat Enterprise Linux developer. He is the author of udica, the tool for generating custom SELinux profiles for containers.

More Articles

Red Hat Official Blog

Red Hat Sysadmin Blog

About This Site

This site is mainly about SELinux related topics, ideas, tips-tricks.

Search

All Rights Reserved 2020
Proudly powered by WordPress | Theme: Gist by Candid Themes.