FOSSASIA 2018 - SELinux Policy Development

A month ago was FOSSASIA 2018 and I got to give another talk about SELinux. Last years talk was only about the basics of how things SELinux works and labels and allow rules. This year covered more of the policy side of things. I went over now to write a Reference Policy module and did a quick demo. more ...



SELinux userspace 2.6 released

The SELinux userspace libraries and programs recently released version 2.6. I bumped them in Gentoo a couple days ago. They add a ton of new features, here are a few of the main points: more ...

SELinux desktop profile in Gentoo

SELinux desktop profiles came up on IRC earlier and I thought it might be a good idea to make a post about. Currently in gentoo there are only two selinux profiles: more ...

Trusted Boot Part 1

I finally managed to get tboot working in a way that makes sense to me. For those unfamiliar, tboot uses Intel's Trusted eXecution Technology to invoke a dynamic root of trust and then measure all the components you boot with (eg kernel and initrd). What took me ages to figure out was how one can upgrade kernels while keeping this chain working. more ...

Hello World

Hello World. I've been meaning to start a blog for a while but never got around to it. Russell Coker posted on the SELinux mailing list yesterday asking about Planet SELinux so I figured now is as good a time as any for starting one. more ...