Med-Mastodon

TrisIf there's any job opening related to <a href="https://chaos.social/tags/selinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#selinux</a>, let me know :) <a href="https://chaos.social/tags/getfedihired" class="mention hashtag" rel="nofollow noopener" target="_blank">#getfedihired</a> <a href="https://chaos.social/tags/redhat" class="mention hashtag" rel="nofollow noopener" target="_blank">#redhat</a>

openSUSE LinuxFind out what happened in this <a href="https://fosstodon.org/tags/oSC25" class="mention hashtag" rel="nofollow noopener" target="_blank">#oSC25</a> talk about the switch of <a href="https://fosstodon.org/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> as the default MAC system in <a href="https://fosstodon.org/tags/openSUSE" class="mention hashtag" rel="nofollow noopener" target="_blank">#openSUSE</a> Tumbleweed, This talk will explore the shift from <a href="https://fosstodon.org/tags/AppArmor" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppArmor</a> and the lessons learned. A must-watch for those following system security! 🐧 <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://fosstodon.org/tags/openSUSE" class="mention hashtag" rel="nofollow noopener" target="_blank">#openSUSE</a> <a href="https://youtu.be/8wBLbhSjDwE?si=1fOBIHkq1KkU5ynV" rel="nofollow noopener" translate="no" target="_blank">https://youtu.be/8wBLbhSjDwE?si=1fOBIHkq1KkU5ynV</a>

Richard ChamberlainTried integrating ROS2 on Oracle Linux with SELinux—no go. Switched to AppArmor on Ubuntu—easier, yes. Effective? Not quite.colcon and AppArmor don’t play well together. Turns out, AppArmor’s simplicity can limit it in complex dev environments.Here’s my story, what didn’t work, and where I’m heading next: 🔗 <a href="https://richard-sebos.github.io/sebostechnology/posts/AppArmor-ROS2/" rel="nofollow noopener" translate="no" target="_blank">https://richard-sebos.github.io/sebostechnology/posts/AppArmor-ROS2/</a>Boosts appreciated if you think secure ROS2 needs better tooling. 🧵<a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://mastodon.social/tags/FOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#FOSS</a> <a href="https://mastodon.social/tags/ROS2" class="mention hashtag" rel="nofollow noopener" target="_blank">#ROS2</a> <a href="https://mastodon.social/tags/AppArmor" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppArmor</a> <a href="https://mastodon.social/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> <a href="https://mastodon.social/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#Security</a> <a href="https://mastodon.social/tags/Robotics" class="mention hashtag" rel="nofollow noopener" target="_blank">#Robotics</a>

openSUSE Linux<a href="https://fosstodon.org/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> becomes default on openSUSE! Learn how Mandatory Access Control evolves for Tumbleweed at the <a href="https://fosstodon.org/tags/openSUSE" class="mention hashtag" rel="nofollow noopener" target="_blank">#openSUSE</a> Conference. 🔐 <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://fosstodon.org/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#Security</a> <a href="https://events.opensuse.org/" rel="nofollow noopener" translate="no" target="_blank">https://events.opensuse.org/</a>

ricardo :mastodon:Fortifying <a href="https://fosstodon.org/tags/Debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#Debian</a> <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> With <a href="https://fosstodon.org/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> by Enforcing Mandatory Access Control for Ultimate System Security <a href="https://www.linuxjournal.com/content/fortifying-debian-selinux-enforcing-mandatory-access-control-ultimate-system-security" rel="nofollow noopener" translate="no" target="_blank">https://www.linuxjournal.com/content/fortifying-debian-selinux-enforcing-mandatory-access-control-ultimate-system-security</a>

Rasmus LindegaardI am experimenting with MicroOS running btrfs and SELinux. I have some storage i use for Minecraft server data for instance, on the partition i have a directory with readonly snapshots. The server will not boot properly, because it's running auto relabeling and cannot relabel the readonly stuff. What's the correct way to handle this? I've tried mounting the partition in different locations, but it seems everything is targeted by the relabel<a href="https://fosstodon.org/tags/selinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#selinux</a> <a href="https://fosstodon.org/tags/microos" class="mention hashtag" rel="nofollow noopener" target="_blank">#microos</a> <a href="https://fosstodon.org/tags/OpenSUSE" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSUSE</a>

TZLAnyone currently have a take on the <a href="https://mstdn.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> concerns of <a href="https://mstdn.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a> <a href="https://mstdn.social/tags/kernel" class="mention hashtag" rel="nofollow noopener" target="_blank">#kernel</a> user <a href="https://mstdn.social/tags/namespaces" class="mention hashtag" rel="nofollow noopener" target="_blank">#namespaces</a> <a href="https://mstdn.social/tags/usernamespaces" class="mention hashtag" rel="nofollow noopener" target="_blank">#usernamespaces</a>? I have been rereading into it wondering whether enabling or disabling is the best approach. They seem rather insignificant with considerable surface area for attack, from my understanding. However, more applications check for/need them nowadays.I think kernel <a href="https://mstdn.social/tags/hardening" class="mention hashtag" rel="nofollow noopener" target="_blank">#hardening</a> advice is still to disable. Makes me wonder if should e.g. be considered only if <a href="https://mstdn.social/tags/AppArmor" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppArmor</a> / <a href="https://mstdn.social/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> is active.

Jan ☕🎼🎹☁️🏋️‍♂️Been testing out the <a href="https://fedi.kcore.org/tags/virtiofs" class="mention hashtag" rel="nofollow noopener" target="_blank">#virtiofs</a> support now baked into <a href="https://fedi.kcore.org/tags/proxmoxVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#proxmoxVE</a>. It works, had to do some <a href="https://fedi.kcore.org/tags/selinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#selinux</a> adjustments on <a href="https://fedi.kcore.org/tags/fedora" class="mention hashtag" rel="nofollow noopener" target="_blank">#fedora</a> to allow my <a href="https://fedi.kcore.org/tags/podman" class="mention hashtag" rel="nofollow noopener" target="_blank">#podman</a> containers to use the mountpoint. Added this policy``` (allow container_t unlabeled_t ( dir ( read write ))) ```In raw speed it is definitely not a winner - <a href="https://fedi.kcore.org/tags/nfs" class="mention hashtag" rel="nofollow noopener" target="_blank">#nfs</a> is easily double the speed. But on this particular VM I don't need the speed - it is nice that this is all self-contained now, and I can actually remove NFS altogether.<a href="https://fedi.kcore.org/tags/proxmox" class="mention hashtag" rel="nofollow noopener" target="_blank">#proxmox</a>

FurbyOnSteroidsAh.. nothing beats spending 2 hour trying to create a simple <a href="https://ohai.social/tags/systemd" class="mention hashtag" rel="nofollow noopener" target="_blank">#systemd</a> service + timer + bash script to back up an sqlite database every week and it just not working because random permission issues just for selinux to be the culprit. Love how you need another tool to actually understand wtf <a href="https://ohai.social/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> wants from you. <a href="https://ohai.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a>

Scott Williams 🐧I recently read my 8 year old daughter the <a href="https://mastodon.online/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> coloring book before school. I'm training up the next generation of <a href="https://mastodon.online/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> adventurers!<a href="https://mastodon.online/tags/parenting" class="mention hashtag" rel="nofollow noopener" target="_blank">#parenting</a> <a href="https://mastodon.online/tags/RedHat" class="mention hashtag" rel="nofollow noopener" target="_blank">#RedHat</a>

Marcus "MajorLinux" SummersJust had my first disagreement with a coworker.It was all about <a href="https://toot.majorshouse.com/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a>.Come to find out, the issue wasn't even about that.A file was just missing.I'm now sitting in my comfy chair trying to calm down.

Hacker Public RadioNew Episode: hpr4328 :: Use SELinux the easy wayYou don't have to be an expert on SELinux to use it effectivelyHosted by Klaatu on Wednesday, 2025-03-05 is flagged as Clean and is released under a CC-BY-SA license.Tags: <a href="https://infosec.exchange/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a>, <a href="https://infosec.exchange/tags/selinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#selinux</a>, <a href="https://infosec.exchange/tags/permissions" class="mention hashtag" rel="nofollow noopener" target="_blank">#permissions</a>. Today on the <a href="https://infosec.exchange/tags/HackerPublicRadio" class="mention hashtag" rel="nofollow noopener" target="_blank">#HackerPublicRadio</a> <a href="https://infosec.exchange/tags/Community" class="mention hashtag" rel="nofollow noopener" target="_blank">#Community</a> <a href="https://infosec.exchange/tags/Podcast" class="mention hashtag" rel="nofollow noopener" target="_blank">#Podcast</a><a href="https://infosec.exchange/tags/HPR" class="mention hashtag" rel="nofollow noopener" target="_blank">#HPR</a> ❤️ <a href="https://infosec.exchange/tags/CreativeCommons" class="mention hashtag" rel="nofollow noopener" target="_blank">#CreativeCommons</a><a href="https://hackerpublicradio.org/eps/hpr4328/index.html" rel="nofollow noopener" translate="no" target="_blank">https://hackerpublicradio.org/eps/hpr4328/index.html</a>

Danathar<a href="https://fosstodon.org/@Htbaa" class="u-url mention" rel="nofollow noopener" target="_blank">@Htbaa</a> Don’t make Dan Walsh cry! <a href="https://stopdisablingselinux.com/" rel="nofollow noopener" translate="no" target="_blank">https://stopdisablingselinux.com/</a>I’m told he answers questions about selinux.<a href="https://twit.social/tags/selinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#selinux</a> <a href="https://twit.social/tags/redhat" class="mention hashtag" rel="nofollow noopener" target="_blank">#redhat</a> <a href="https://twit.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a>

Christiaan KrasUgh <a href="https://fosstodon.org/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> is the worst. I'm sure it's 100% my lack of understanding it though. I have my installation scripts all worked out with <a href="https://fosstodon.org/tags/Rex" class="mention hashtag" rel="nofollow noopener" target="_blank">#Rex</a>. At first for <a href="https://fosstodon.org/tags/AlmaLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#AlmaLinux</a> 8 but also adapted it to 9.I had it all working properly under 9, but this new VPS somehow mounts the root disk in read-only mode after a reboot when SELinux has been enabled.I'm *really* tempted to just keep it in permissive mode and ignore it for the rest of my life.<a href="https://fosstodon.org/tags/VPS" class="mention hashtag" rel="nofollow noopener" target="_blank">#VPS</a> <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a>

Verfassungklage@troet.cafeNewsupdate 02/25 - <a href="https://troet.cafe/tags/Python3" class="mention hashtag" rel="nofollow noopener" target="_blank">#Python3</a>.14, <a href="https://troet.cafe/tags/FOSDEM" class="mention hashtag" rel="nofollow noopener" target="_blank">#FOSDEM</a> 2025, <a href="https://troet.cafe/tags/GNOME48" class="mention hashtag" rel="nofollow noopener" target="_blank">#GNOME48</a> Beta, <a href="https://troet.cafe/tags/KDE" class="mention hashtag" rel="nofollow noopener" target="_blank">#KDE</a> <a href="https://troet.cafe/tags/Plasma6" class="mention hashtag" rel="nofollow noopener" target="_blank">#Plasma6</a>.3, <a href="https://troet.cafe/tags/openSUSE" class="mention hashtag" rel="nofollow noopener" target="_blank">#openSUSE</a> und <a href="https://troet.cafe/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> - <a href="https://troet.cafe/tags/FOCUS_ON" class="mention hashtag" rel="nofollow noopener" target="_blank">#FOCUS_ON</a>: <a href="https://troet.cafe/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> - <a href="https://troet.cafe/tags/Podcast" class="mention hashtag" rel="nofollow noopener" target="_blank">#Podcast</a>: Python 3.14 und KDE Plasma 6.3 erscheinen, während sich der Umfang des kommenden GNOME 48 abzeichnet. Das SELFHTML-Projekt wird 30 Jahre alt und mit RePebble wird einem längst totgesagtem Projekt neues Leben eingehaucht. In der Kernel-Mailingliste entfacht ein Streit über Rust - mit Auswirkungen für das Kernel- und Asahi Linux-Projekt. <a href="https://focusonlinux.podigee.io/147-newsupdate-0225-python-314-fosdem-2025-gnome-48-beta-kde-plasma-63-opensuse-und-selinux" rel="nofollow noopener" translate="no" target="_blank">https://focusonlinux.podigee.io/147-newsupdate-0225-python-314-fosdem-2025-gnome-48-beta-kde-plasma-63-opensuse-und-selinux</a>

openSUSE LinuxFebruary brought big changes to <a href="https://fosstodon.org/tags/openSUSE" class="mention hashtag" rel="nofollow noopener" target="_blank">#openSUSE</a> Tumbleweed! <a href="https://fosstodon.org/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> is now the default MAC for new installs, while <a href="https://fosstodon.org/tags/Mesa" class="mention hashtag" rel="nofollow noopener" target="_blank">#Mesa</a> 25.0 adds <a href="https://fosstodon.org/tags/Vulkan" class="mention hashtag" rel="nofollow noopener" target="_blank">#Vulkan</a> 1.4 support. Plus, <a href="https://fosstodon.org/tags/KDE" class="mention hashtag" rel="nofollow noopener" target="_blank">#KDE</a> Plasma 6.3 enhances fractional scaling and drawing tablet settings. 🎨🔍 <a href="https://news.opensuse.org/2025/02/27/tw-monthly-update-february/" rel="nofollow noopener" translate="no" target="_blank">https://news.opensuse.org/2025/02/27/tw-monthly-update-february/</a>

Linux Magazine<a href="https://fosstodon.org/@opensuse" class="u-url mention" rel="nofollow noopener" target="_blank">@opensuse</a> Tumbleweed rolling release moves from AppArmor to SELinux for its underlying security layer <a href="https://www.linux-magazine.com/Online/News/openSUSE-Tumbleweed-Ditches-AppArmor-for-SELinux" rel="nofollow noopener" translate="no" target="_blank">https://www.linux-magazine.com/Online/News/openSUSE-Tumbleweed-Ditches-AppArmor-for-SELinux</a> <a href="https://fosstodon.org/tags/openSUSE" class="mention hashtag" rel="nofollow noopener" target="_blank">#openSUSE</a> <a href="https://fosstodon.org/tags/Tumbleweed" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tumbleweed</a> <a href="https://fosstodon.org/tags/AppArmor" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppArmor</a> <a href="https://fosstodon.org/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://fosstodon.org/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSource</a> <a href="https://fosstodon.org/tags/distro" class="mention hashtag" rel="nofollow noopener" target="_blank">#distro</a> <a href="https://fosstodon.org/tags/FOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#FOSS</a> <a href="https://fosstodon.org/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a>

in ♥️ with PDA (and 🐧)So <a href="https://chaos.social/tags/opensuse" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensuse</a> switched to <a href="https://chaos.social/tags/selinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#selinux</a>. Changing my systems works. Only Steam is not running, because selinux blocks boolean. I have to admit, that I don't understand selinux. Is there a easy to understand tutorial? I don't want to mess around. In the suse forum I found this solution: sudo setsebool selinuxuser_execmod 1 ..but with hint: If you understand the risks.I don't understand the risc :)

Who Let The Dogs Out 🐾<a href="https://mastodon.ml/tags/tar" class="mention hashtag" rel="nofollow noopener" target="_blank">#tar</a> <a href="https://mastodon.ml/tags/rsync" class="mention hashtag" rel="nofollow noopener" target="_blank">#rsync</a> <a href="https://mastodon.ml/tags/selinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#selinux</a>При работе с tar-ом на сервере (например бэкапы), не забывайте, что этот архиватор может сохранять расширенные атрибуты файлов. Например вот так: ```sh # tar --selinux --acls --xattrs -cvf backup.tar /var/www/user/data ``````sh # tar --no-acls --no-selinux --no-xattrs -xvf backup.tar ```Помните об этих параметрах при работе с сервером, где включён selinux.rsync, также умеет работать с расширенными атрибутами файлов: -A для acl и -X для selinux:```sh $ rsync -e ssh -aAXHPv /home/user/web root@server.com:/var/www/user/data/ ```

LinuxNews.deNeues von openSUSE <a href="https://linuxnews.de/neues-von-opensuse/" rel="nofollow noopener" translate="no" target="_blank">https://linuxnews.de/neues-von-opensuse/</a> <a href="https://social.anoxinon.de/tags/opensuse" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensuse</a> <a href="https://social.anoxinon.de/tags/sles" class="mention hashtag" rel="nofollow noopener" target="_blank">#sles</a> <a href="https://social.anoxinon.de/tags/tumbleweed" class="mention hashtag" rel="nofollow noopener" target="_blank">#tumbleweed</a> <a href="https://social.anoxinon.de/tags/apparmor" class="mention hashtag" rel="nofollow noopener" target="_blank">#apparmor</a> <a href="https://social.anoxinon.de/tags/selinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#selinux</a> <a href="https://social.anoxinon.de/tags/uefi" class="mention hashtag" rel="nofollow noopener" target="_blank">#uefi</a>

Recent searches

Search options

Administered by:

Server stats:

#selinux