MastodonTech.de

TrisIf there's any job opening related to <a href="https://chaos.social/tags/selinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#selinux</a>, let me know :) <a href="https://chaos.social/tags/getfedihired" class="mention hashtag" rel="nofollow noopener" target="_blank">#getfedihired</a> <a href="https://chaos.social/tags/redhat" class="mention hashtag" rel="nofollow noopener" target="_blank">#redhat</a>

🚀 Несерьёзный Выдумщик 👨‍🔬Хорошая и <a href="https://habr.com/ru/articles/541190/" rel="nofollow noopener" target="_blank">годная статья</a> про безопасность <a href="https://shitpost.poridge.club/tags/Android" rel="nofollow noopener" target="_blank">#Android</a> устройств с разблокированным загрузчиком. Детально и подробно, с разных сторон разобран процесс загрузки Android-систем нескольких версий, включая <a href="https://shitpost.poridge.club/tags/LineageOS" rel="nofollow noopener" target="_blank">#LineageOS</a> и виды сборок прошивок. Рассмотрен подход к работе <a href="https://shitpost.poridge.club/tags/Magisk" rel="nofollow noopener" target="_blank">#Magisk</a> и варианты получения root'а разными средствами с учётом контекстов <a href="https://shitpost.poridge.club/tags/SELinux" rel="nofollow noopener" target="_blank">#SELinux</a>, а так же работа через <a href="https://shitpost.poridge.club/tags/adb" rel="nofollow noopener" target="_blank">#adb</a> (в каких случаях имеет root'привелегии). Статья большая, но полезная с точки зрения «получить представление» без упрощений, а с техническими деталями. TL;DR Глупо выключать устройство, когда остаётся без присмотра, а описываемый сценарий не касается уже работающего (загруженного полностью, включённого) девайса. Если же устройство неожиданно оказалось выключенным, то нельзя включать и вводить пин\пароль. Сперва надо проверить содержимое разделов (на тот или иной вариант «нагрузки»). Т.е. включать через <code>fastboot</code>, прошивать заново рекавери (<a href="https://shitpost.poridge.club/tags/TWRP" rel="nofollow noopener" target="_blank">#TWRP</a> или <a href="https://shitpost.poridge.club/tags/OrangeFox" rel="nofollow noopener" target="_blank">#OrangeFox</a>) и прошерстить\восстановить разделы. Очень наглядно видно зачем в ОС нужны такие вещи как mandatory access control (MAC): • <a href="https://shitpost.poridge.club/tags/SELinux" rel="nofollow noopener" target="_blank">#SELinux</a> (авторство АНБ США), • <a href="https://shitpost.poridge.club/tags/AppArmor" rel="nofollow noopener" target="_blank">#AppArmor</a> (via Novell & Immunix), • российский аналог в AstraLinux. На статью навёл <a href="https://social.openhood.ru/@sun_rise" class="u-url mention" rel="nofollow noopener" target="_blank">@sun_rise@social.openhood.ru</a> <a href="https://shitpost.poridge.club/tags/AndroidSecurity" rel="nofollow noopener" target="_blank">#AndroidSecurity</a> <a href="https://shitpost.poridge.club/tags/MAC" rel="nofollow noopener" target="_blank">#MAC</a> <a href="https://shitpost.poridge.club/tags/security" rel="nofollow noopener" target="_blank">#security</a> <a href="https://shitpost.poridge.club/tags/privacy" rel="nofollow noopener" target="_blank">#privacy</a> <a href="https://mastodon.social/@russian_mastodon" class="u-url mention" rel="nofollow noopener" target="_blank">@russian_mastodon@mastodon.social</a> <a href="https://3zi.ru/@Russia" class="u-url mention" rel="nofollow noopener" target="_blank">@Russia@3zi.ru</a> <a href="https://social.sley.nl/@rur" class="u-url mention" rel="nofollow noopener" target="_blank">@rur@social.sley.nl</a>

Nate Metzger0 days since it was <a href="https://mastodon.alphapuggle.dev/tags/selinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#selinux</a>

Patrick Wu :neocat_flag_bi:spend way too much time on properly configure Waydroid on Linux... had to setup additional SELinux module and some special settings for GPU (Fuck You nVidia) <a href="https://hatoya.cafe/tags/linux" rel="nofollow noopener" target="_blank">#linux</a> <a href="https://hatoya.cafe/tags/selinux" rel="nofollow noopener" target="_blank">#selinux</a> <a href="https://hatoya.cafe/tags/fedora" rel="nofollow noopener" target="_blank">#fedora</a> <a href="https://hatoya.cafe/tags/nvidia" rel="nofollow noopener" target="_blank">#nvidia</a> <a href="https://hatoya.cafe/tags/waydroid" rel="nofollow noopener" target="_blank">#waydroid</a> <a href="https://hatoya.cafe/tags/android" rel="nofollow noopener" target="_blank">#android</a>

openSUSE LinuxFind out what happened in this <a href="https://fosstodon.org/tags/oSC25" class="mention hashtag" rel="nofollow noopener" target="_blank">#oSC25</a> talk about the switch of <a href="https://fosstodon.org/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> as the default MAC system in <a href="https://fosstodon.org/tags/openSUSE" class="mention hashtag" rel="nofollow noopener" target="_blank">#openSUSE</a> Tumbleweed, This talk will explore the shift from <a href="https://fosstodon.org/tags/AppArmor" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppArmor</a> and the lessons learned. A must-watch for those following system security! 🐧 <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://fosstodon.org/tags/openSUSE" class="mention hashtag" rel="nofollow noopener" target="_blank">#openSUSE</a> <a href="https://youtu.be/8wBLbhSjDwE?si=1fOBIHkq1KkU5ynV" rel="nofollow noopener" translate="no" target="_blank">https://youtu.be/8wBLbhSjDwE?si=1fOBIHkq1KkU5ynV</a>

Kai 🇪🇺And now for the good part. <a href="https://norden.social/tags/opensuse" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensuse</a> <a href="https://norden.social/tags/oSC25" class="mention hashtag" rel="nofollow noopener" target="_blank">#oSC25</a> <a href="https://norden.social/tags/selinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#selinux</a>

Geekland¿Qué es SELinux, qué función cumple y por qué es importante para Linux? <a href="https://mastodon.social/tags/distros" class="mention hashtag" rel="nofollow noopener" target="_blank">#distros</a> <a href="https://mastodon.social/tags/control_de_acceso" class="mention hashtag" rel="nofollow noopener" target="_blank">#control_de_acceso</a> <a href="https://mastodon.social/tags/fedora" class="mention hashtag" rel="nofollow noopener" target="_blank">#fedora</a> <a href="https://mastodon.social/tags/pol%C3%ADticas_de_seguridad" class="mention hashtag" rel="nofollow noopener" target="_blank">#políticas_de_seguridad</a> <a href="https://mastodon.social/tags/red_hat" class="mention hashtag" rel="nofollow noopener" target="_blank">#red_hat</a> <a href="https://mastodon.social/tags/rhel" class="mention hashtag" rel="nofollow noopener" target="_blank">#rhel</a> <a href="https://mastodon.social/tags/seguridad_linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#seguridad_linux</a> <a href="https://mastodon.social/tags/selinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#selinux</a> <a href="https://notilinux.com/que-es-selinux-y-que-funcion-cumple/" rel="nofollow noopener" translate="no" target="_blank">https://notilinux.com/que-es-selinux-y-que-funcion-cumple/</a>

Jody Lemoine 🇨🇦My mother-in-law got us this nice little hand towel when she went to Italy. It has all various Italian cities and towns printed along its edge, but folds in •just• the right place to cut one off. Being the network/infosec geek that I am, my subconscious completion is •not• Selinunte. 🙂 <a href="https://hachyderm.io/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> <a href="https://hachyderm.io/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a>

Thorsten Leemhuis (acct. 1/4)'"[…] <a href="https://hachyderm.io/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> stops all access unless allowed by policy. […] Before the SELinux 3.6 userspace version, it was not possible to drop any access already allowed in the base SELinux policy or in a module. […] The changes in the latest SELinux userspace release 3.6 introduced support for deny rules. They are documented in Access Vector Rules: "Remove the access rights defined from any matching allow rules.""'<a href="https://developers.redhat.com/articles/2025/06/04/how-selinux-deny-rules-improve-system-security" rel="nofollow noopener" translate="no" target="_blank">https://developers.redhat.com/articles/2025/06/04/how-selinux-deny-rules-improve-system-security</a>

Richard ChamberlainTried integrating ROS2 on Oracle Linux with SELinux—no go. Switched to AppArmor on Ubuntu—easier, yes. Effective? Not quite.colcon and AppArmor don’t play well together. Turns out, AppArmor’s simplicity can limit it in complex dev environments.Here’s my story, what didn’t work, and where I’m heading next: 🔗 <a href="https://richard-sebos.github.io/sebostechnology/posts/AppArmor-ROS2/" rel="nofollow noopener" translate="no" target="_blank">https://richard-sebos.github.io/sebostechnology/posts/AppArmor-ROS2/</a>Boosts appreciated if you think secure ROS2 needs better tooling. 🧵<a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://mastodon.social/tags/FOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#FOSS</a> <a href="https://mastodon.social/tags/ROS2" class="mention hashtag" rel="nofollow noopener" target="_blank">#ROS2</a> <a href="https://mastodon.social/tags/AppArmor" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppArmor</a> <a href="https://mastodon.social/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> <a href="https://mastodon.social/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#Security</a> <a href="https://mastodon.social/tags/Robotics" class="mention hashtag" rel="nofollow noopener" target="_blank">#Robotics</a>

Johannes KastlThe AlmaLinux and Fedora setups set SELINUX to permissive, until I find time to allow the right port in selinux...<a href="https://digitalcourage.social/tags/selinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#selinux</a> <a href="https://digitalcourage.social/tags/adminlife" class="mention hashtag" rel="nofollow noopener" target="_blank">#adminlife</a>

Paul MooreThe Linux v6.16 merge window is open and I've written up the LSM, SELinux, and audit highlights that have been merged into Linus' tree.<a href="https://paul-moore.com/blog/d/2025/05/linux_v616_merge_window.html" rel="nofollow noopener" translate="no" target="_blank">https://paul-moore.com/blog/d/2025/05/linux_v616_merge_window.html</a><a href="https://hachyderm.io/tags/lsm" class="mention hashtag" rel="nofollow noopener" target="_blank">#lsm</a> <a href="https://hachyderm.io/tags/selinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#selinux</a> <a href="https://hachyderm.io/tags/audit" class="mention hashtag" rel="nofollow noopener" target="_blank">#audit</a>

openSUSE Linux<a href="https://fosstodon.org/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> becomes default on openSUSE! Learn how Mandatory Access Control evolves for Tumbleweed at the <a href="https://fosstodon.org/tags/openSUSE" class="mention hashtag" rel="nofollow noopener" target="_blank">#openSUSE</a> Conference. 🔐 <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://fosstodon.org/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#Security</a> <a href="https://events.opensuse.org/" rel="nofollow noopener" translate="no" target="_blank">https://events.opensuse.org/</a>

ricardo :mastodon:Fortifying <a href="https://fosstodon.org/tags/Debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#Debian</a> <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> With <a href="https://fosstodon.org/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> by Enforcing Mandatory Access Control for Ultimate System Security <a href="https://www.linuxjournal.com/content/fortifying-debian-selinux-enforcing-mandatory-access-control-ultimate-system-security" rel="nofollow noopener" translate="no" target="_blank">https://www.linuxjournal.com/content/fortifying-debian-selinux-enforcing-mandatory-access-control-ultimate-system-security</a>

Jeff Fortin T. (風の庭園のNekohayo)As <a href="https://mastodon.social/tags/NetworkManager" class="mention hashtag" rel="nofollow noopener" target="_blank">#NetworkManager</a>'s <a href="https://mastodon.social/tags/SSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#SSH</a> VPN/tunnel plugin has now been ported to GTK4 and works directly from the <a href="https://mastodon.social/tags/GNOME" class="mention hashtag" rel="nofollow noopener" target="_blank">#GNOME</a> Control Center panel, I thought I'd finally try it out.Once you figure out that you must only fill the gateway field, leave all IPs fields alone, tweak stuff in the Advanced dialog to have a working SOCKS proxy with "no tunnel", then it "works"… as long as you use the standard SSH port.With SSH server ports other than 22, it fails on <a href="https://mastodon.social/tags/Fedora" class="mention hashtag" rel="nofollow noopener" target="_blank">#Fedora</a>… due to <a href="https://mastodon.social/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> 🤦<a href="https://bugzilla.redhat.com/show_bug.cgi?id=1808435#c10" rel="nofollow noopener" translate="no" target="_blank">https://bugzilla.redhat.com/show_bug.cgi?id=1808435#c10</a>

Jan ☕🎼🎹☁️🏋️‍♂️Been testing out the <a href="https://fedi.kcore.org/tags/virtiofs" class="mention hashtag" rel="nofollow noopener" target="_blank">#virtiofs</a> support now baked into <a href="https://fedi.kcore.org/tags/proxmoxVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#proxmoxVE</a>. It works, had to do some <a href="https://fedi.kcore.org/tags/selinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#selinux</a> adjustments on <a href="https://fedi.kcore.org/tags/fedora" class="mention hashtag" rel="nofollow noopener" target="_blank">#fedora</a> to allow my <a href="https://fedi.kcore.org/tags/podman" class="mention hashtag" rel="nofollow noopener" target="_blank">#podman</a> containers to use the mountpoint. Added this policy``` (allow container_t unlabeled_t ( dir ( read write ))) ```In raw speed it is definitely not a winner - <a href="https://fedi.kcore.org/tags/nfs" class="mention hashtag" rel="nofollow noopener" target="_blank">#nfs</a> is easily double the speed. But on this particular VM I don't need the speed - it is nice that this is all self-contained now, and I can actually remove NFS altogether.<a href="https://fedi.kcore.org/tags/proxmox" class="mention hashtag" rel="nofollow noopener" target="_blank">#proxmox</a>

Devin Prater :blind:Fuck you too, SELinux.SELinux is preventing brltty from getattr access on the chr_file /dev/bus/usb/003/073.<a href="https://tweesecake.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a> <a href="https://tweesecake.social/tags/SeLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SeLinux</a> <a href="https://tweesecake.social/tags/fedora" class="mention hashtag" rel="nofollow noopener" target="_blank">#fedora</a> <a href="https://tweesecake.social/tags/blind" class="mention hashtag" rel="nofollow noopener" target="_blank">#blind</a> <a href="https://tweesecake.social/tags/brltty" class="mention hashtag" rel="nofollow noopener" target="_blank">#brltty</a> <a href="https://tweesecake.social/tags/accessibility" class="mention hashtag" rel="nofollow noopener" target="_blank">#accessibility</a>

Paul MooreLinux v6.15-rc1 was released today, and here is my quick summary of the LSM and SELinux changes sent up to Linus during the Linux v6.15 merge window.(There were no audit patches queued up for Linux v6.15, but that should change for the next merge window.)<a href="https://paul-moore.com/blog/d/2025/04/linux_v615_merge_window.html" rel="nofollow noopener" translate="no" target="_blank">https://paul-moore.com/blog/d/2025/04/linux_v615_merge_window.html</a><a href="https://fosstodon.org/tags/lsm" class="mention hashtag" rel="nofollow noopener" target="_blank">#lsm</a> <a href="https://fosstodon.org/tags/selinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#selinux</a> <a href="https://fosstodon.org/tags/audit" class="mention hashtag" rel="nofollow noopener" target="_blank">#audit</a>

MaageThis allows logrotate to execute log files. What are legit reasons to allow this? And why those can not be solved just by using other normal context for executables? <a href="https://github.com/fedora-selinux/selinux-policy/blame/383a653ea0f3f6690b6ee4dbf50bd5d1f35691cf/policy/modules/contrib/logrotate.te#L169C21-L169C21" rel="nofollow noopener" translate="no" target="_blank">https://github.com/fedora-selinux/selinux-policy/blame/383a653ea0f3f6690b6ee4dbf50bd5d1f35691cf/policy/modules/contrib/logrotate.te#L169C21-L169C21</a> <a href="https://infosec.exchange/tags/fedora" class="mention hashtag" rel="nofollow noopener" target="_blank">#fedora</a> <a href="https://infosec.exchange/tags/selinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#selinux</a>

Nsukami _ | 巣神<a href="https://mastodon.social/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> exquisitely explained in 20 minutes . <a href="https://www.youtube.com/watch?v=LAgOPWOwUhA" rel="nofollow noopener" translate="no" target="_blank">https://www.youtube.com/watch?v=LAgOPWOwUhA</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a>

Frühere Suchanfragen

Suchoptionen

Verwaltet von:

Serverstatistik:

#selinux