
Gentoo Hardened SELinux state


Since the last post, we’ve been working on the further stabilization and bug fixing of the SELinux policies within Gentoo Hardened. You might have noticed that we started working on the QA of the packages, like I promised in the last post. The binaries within selinux-base-policy are now published somewhere on blueness’ developer page since he’s proxy’ing all my commits until recruiters get the chance to pick up my recruitment bug. Other patches that are coming up will be published likewise as well if they get too big to be within the main Portage tree.

Next to the binaries, I’m currently checking if the SELinux policy packages can become EAPI-4 compliant (they’re currently still using EAPI-0). Same for the SELinux-specific packages, like policycoreutils, libsemanage, libselinux, etc.




