Nick Mark, MD @nick

Lars Marowsky-Brée 😷I have *sincere* doubts whether SELinux truly improves security on a Linux desktop, or whether it is just a royal PITA.Because clearly, an openvpn script wanting to drop in a dnsmasq config files & reload a systemd service should be this fun.Just how many people do y'all think don't just swat this with "selinux=0" and move on with our lives?(Outside the group of people developing SELinux or distribution maintainers.)<a href="https://mastodon.online/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://mastodon.online/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a>

openSUSE Linux<a href="https://fosstodon.org/tags/Leap" class="mention hashtag" rel="nofollow noopener" target="_blank">#Leap</a> 16.0 now defaults to <a href="https://fosstodon.org/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a>, <a href="https://fosstodon.org/tags/Myrlyn" class="mention hashtag" rel="nofollow noopener" target="_blank">#Myrlyn</a> + <a href="https://fosstodon.org/tags/Cockpit" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cockpit</a> step in for <a href="https://fosstodon.org/tags/YaST" class="mention hashtag" rel="nofollow noopener" target="_blank">#YaST</a>, & <a href="https://fosstodon.org/tags/zypper" class="mention hashtag" rel="nofollow noopener" target="_blank">#zypper</a> has parallel <a href="https://fosstodon.org/tags/repo" class="mention hashtag" rel="nofollow noopener" target="_blank">#repo</a> downloads. <a href="https://fosstodon.org/tags/Xfce" class="mention hashtag" rel="nofollow noopener" target="_blank">#Xfce</a> users on <a href="https://fosstodon.org/tags/Wayland" class="mention hashtag" rel="nofollow noopener" target="_blank">#Wayland</a> can enjoy greetd/gtkgreet instead of <a href="https://fosstodon.org/tags/LightDM" class="mention hashtag" rel="nofollow noopener" target="_blank">#LightDM</a>—ideal for modern minimalists. <a href="https://news.opensuse.org/2025/08/04/leap-16-rc/" rel="nofollow noopener" translate="no" target="_blank">https://news.opensuse.org/2025/08/04/leap-16-rc/</a>

Jan Wildeboer 😷:krulorange:Welcome to the family, OpenSUSE Leap! Finally :) The 16.0 Release Candidate makes it official. <a href="https://social.wildeboer.net/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> becomes the default.<a href="https://news.opensuse.org/2025/08/04/leap-16-rc/" rel="nofollow noopener" translate="no" target="_blank">https://news.opensuse.org/2025/08/04/leap-16-rc/</a>

9Lukas5 🚂 🐧Fedora SELinux

Miha MarkičAny expert on <a href="https://mastodon.social/tags/selinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#selinux</a> over here? I need to create a custom (file) type and a custom domain, make type accessible only from said domain.

TrisIf there's any job opening related to <a href="https://chaos.social/tags/selinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#selinux</a>, let me know :) <a href="https://chaos.social/tags/getfedihired" class="mention hashtag" rel="nofollow noopener" target="_blank">#getfedihired</a> <a href="https://chaos.social/tags/redhat" class="mention hashtag" rel="nofollow noopener" target="_blank">#redhat</a>

openSUSE LinuxFind out what happened in this <a href="https://fosstodon.org/tags/oSC25" class="mention hashtag" rel="nofollow noopener" target="_blank">#oSC25</a> talk about the switch of <a href="https://fosstodon.org/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> as the default MAC system in <a href="https://fosstodon.org/tags/openSUSE" class="mention hashtag" rel="nofollow noopener" target="_blank">#openSUSE</a> Tumbleweed, This talk will explore the shift from <a href="https://fosstodon.org/tags/AppArmor" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppArmor</a> and the lessons learned. A must-watch for those following system security! 🐧 <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://fosstodon.org/tags/openSUSE" class="mention hashtag" rel="nofollow noopener" target="_blank">#openSUSE</a> <a href="https://youtu.be/8wBLbhSjDwE?si=1fOBIHkq1KkU5ynV" rel="nofollow noopener" translate="no" target="_blank">https://youtu.be/8wBLbhSjDwE?si=1fOBIHkq1KkU5ynV</a>

Richard ChamberlainTried integrating ROS2 on Oracle Linux with SELinux—no go. Switched to AppArmor on Ubuntu—easier, yes. Effective? Not quite.colcon and AppArmor don’t play well together. Turns out, AppArmor’s simplicity can limit it in complex dev environments.Here’s my story, what didn’t work, and where I’m heading next: 🔗 <a href="https://richard-sebos.github.io/sebostechnology/posts/AppArmor-ROS2/" rel="nofollow noopener" translate="no" target="_blank">https://richard-sebos.github.io/sebostechnology/posts/AppArmor-ROS2/</a>Boosts appreciated if you think secure ROS2 needs better tooling. 🧵<a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://mastodon.social/tags/FOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#FOSS</a> <a href="https://mastodon.social/tags/ROS2" class="mention hashtag" rel="nofollow noopener" target="_blank">#ROS2</a> <a href="https://mastodon.social/tags/AppArmor" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppArmor</a> <a href="https://mastodon.social/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> <a href="https://mastodon.social/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#Security</a> <a href="https://mastodon.social/tags/Robotics" class="mention hashtag" rel="nofollow noopener" target="_blank">#Robotics</a>

openSUSE Linux<a href="https://fosstodon.org/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> becomes default on openSUSE! Learn how Mandatory Access Control evolves for Tumbleweed at the <a href="https://fosstodon.org/tags/openSUSE" class="mention hashtag" rel="nofollow noopener" target="_blank">#openSUSE</a> Conference. 🔐 <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> <a href="https://fosstodon.org/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#Security</a> <a href="https://events.opensuse.org/" rel="nofollow noopener" translate="no" target="_blank">https://events.opensuse.org/</a>

ricardo :mastodon:Fortifying <a href="https://fosstodon.org/tags/Debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#Debian</a> <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> With <a href="https://fosstodon.org/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> by Enforcing Mandatory Access Control for Ultimate System Security <a href="https://www.linuxjournal.com/content/fortifying-debian-selinux-enforcing-mandatory-access-control-ultimate-system-security" rel="nofollow noopener" translate="no" target="_blank">https://www.linuxjournal.com/content/fortifying-debian-selinux-enforcing-mandatory-access-control-ultimate-system-security</a>

Rasmus LindegaardI am experimenting with MicroOS running btrfs and SELinux. I have some storage i use for Minecraft server data for instance, on the partition i have a directory with readonly snapshots. The server will not boot properly, because it's running auto relabeling and cannot relabel the readonly stuff. What's the correct way to handle this? I've tried mounting the partition in different locations, but it seems everything is targeted by the relabel<a href="https://fosstodon.org/tags/selinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#selinux</a> <a href="https://fosstodon.org/tags/microos" class="mention hashtag" rel="nofollow noopener" target="_blank">#microos</a> <a href="https://fosstodon.org/tags/OpenSUSE" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenSUSE</a>

TZLAnyone currently have a take on the <a href="https://mstdn.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> concerns of <a href="https://mstdn.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a> <a href="https://mstdn.social/tags/kernel" class="mention hashtag" rel="nofollow noopener" target="_blank">#kernel</a> user <a href="https://mstdn.social/tags/namespaces" class="mention hashtag" rel="nofollow noopener" target="_blank">#namespaces</a> <a href="https://mstdn.social/tags/usernamespaces" class="mention hashtag" rel="nofollow noopener" target="_blank">#usernamespaces</a>? I have been rereading into it wondering whether enabling or disabling is the best approach. They seem rather insignificant with considerable surface area for attack, from my understanding. However, more applications check for/need them nowadays.I think kernel <a href="https://mstdn.social/tags/hardening" class="mention hashtag" rel="nofollow noopener" target="_blank">#hardening</a> advice is still to disable. Makes me wonder if should e.g. be considered only if <a href="https://mstdn.social/tags/AppArmor" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppArmor</a> / <a href="https://mstdn.social/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> is active.

Jan ☕🎼🎹☁️🏋️‍♂️Been testing out the <a href="https://fedi.kcore.org/tags/virtiofs" class="mention hashtag" rel="nofollow noopener" target="_blank">#virtiofs</a> support now baked into <a href="https://fedi.kcore.org/tags/proxmoxVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#proxmoxVE</a>. It works, had to do some <a href="https://fedi.kcore.org/tags/selinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#selinux</a> adjustments on <a href="https://fedi.kcore.org/tags/fedora" class="mention hashtag" rel="nofollow noopener" target="_blank">#fedora</a> to allow my <a href="https://fedi.kcore.org/tags/podman" class="mention hashtag" rel="nofollow noopener" target="_blank">#podman</a> containers to use the mountpoint. Added this policy``` (allow container_t unlabeled_t ( dir ( read write ))) ```In raw speed it is definitely not a winner - <a href="https://fedi.kcore.org/tags/nfs" class="mention hashtag" rel="nofollow noopener" target="_blank">#nfs</a> is easily double the speed. But on this particular VM I don't need the speed - it is nice that this is all self-contained now, and I can actually remove NFS altogether.<a href="https://fedi.kcore.org/tags/proxmox" class="mention hashtag" rel="nofollow noopener" target="_blank">#proxmox</a>

FurbyOnSteroidsAh.. nothing beats spending 2 hour trying to create a simple <a href="https://ohai.social/tags/systemd" class="mention hashtag" rel="nofollow noopener" target="_blank">#systemd</a> service + timer + bash script to back up an sqlite database every week and it just not working because random permission issues just for selinux to be the culprit. Love how you need another tool to actually understand wtf <a href="https://ohai.social/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> wants from you. <a href="https://ohai.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a>

Scott Williams 🐧I recently read my 8 year old daughter the <a href="https://mastodon.online/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#SELinux</a> coloring book before school. I'm training up the next generation of <a href="https://mastodon.online/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> adventurers!<a href="https://mastodon.online/tags/parenting" class="mention hashtag" rel="nofollow noopener" target="_blank">#parenting</a> <a href="https://mastodon.online/tags/RedHat" class="mention hashtag" rel="nofollow noopener" target="_blank">#RedHat</a>

**Marcus "MajorLinux" Summers** @majorlinux@toot.majorshouse.com · Mar 5

Mar 5

Marcus "MajorLinux" Summers @majorlinux@toot.majorshouse.com

Just had my first disagreement with a coworker.

It was all about #SELinux.

Come to find out, the issue wasn't even about that.

A file was just missing.

I'm now sitting in my comfy chair trying to calm down.

**Hacker Public Radio** @hpr@infosec.exchange · Mar 5

Mar 5

Hacker Public Radio @hpr@infosec.exchange

New Episode: hpr4328 :: Use SELinux the easy way

You don't have to be an expert on SELinux to use it effectively

Hosted by Klaatu on Wednesday, 2025-03-05 is flagged as Clean and is released under a CC-BY-SA license.

Tags: #linux, #selinux, #permissions.

Today on the #HackerPublicRadio #Community #Podcast

#HPR #CreativeCommons

https://hackerpublicradio.org/eps/hpr4328/index.html

hackerpublicradio.orgHacker Public Radio ~ The Technology Community PodcastHacker Public Radio is a podcast that releases shows every weekday Monday through Friday. Our shows are produced by the community (you) and can be on any topic that is of interest to hackers and hobbyists.

Replied to Christiaan Kras

**Danathar** @Danathar@twit.social · Feb 28

Feb 28

Danathar @Danathar@twit.social

@Htbaa Don’t make Dan Walsh cry!

https://stopdisablingselinux.com/

I’m told he answers questions about selinux.

stopdisablingselinux.comStop Disabling SELinux

#selinux #redhat #linux

**Christiaan Kras** @Htbaa@fosstodon.org · Feb 28

Feb 28

Christiaan Kras @Htbaa@fosstodon.org

Ugh #SELinux is the worst. I'm sure it's 100% my lack of understanding it though. I have my installation scripts all worked out with #Rex. At first for #AlmaLinux 8 but also adapted it to 9.

I had it all working properly under 9, but this new VPS somehow mounts the root disk in read-only mode after a reboot when SELinux has been enabled.

I'm *really* tempted to just keep it in permissive mode and ignore it for the rest of my life.

#VPS #Linux

**Verfassungklage@troet.cafe** @Verfassungklage@troet.cafe · Feb 28

Feb 28

Verfassungklage@troet.cafe @Verfassungklage@troet.cafe

Newsupdate 02/25 - #Python3.14, #FOSDEM 2025, #GNOME48 Beta, #KDE #Plasma6.3, #openSUSE und #SELinux - #FOCUS_ON: #Linux - #Podcast:

Python 3.14 und KDE Plasma 6.3 erscheinen, während sich der Umfang des kommenden GNOME 48 abzeichnet. Das SELFHTML-Projekt wird 30 Jahre alt und mit RePebble wird einem längst totgesagtem Projekt neues Leben eingehaucht. In der Kernel-Mailingliste entfacht ein Streit über Rust - mit Auswirkungen für das Kernel- und Asahi Linux-Projekt.

https://focusonlinux.podigee.io/147-newsupdate-0225-python-314-fosdem-2025-gnome-48-beta-kde-plasma-63-opensuse-und-selinux

FOCUS ON: LinuxNewsupdate 02/25 - Python 3.14, FOSDEM 2025, GNOME 48 Beta, KDE Plasma 6.3, openSUSE und SELinuxPython 3.14 und KDE Plasma 6.3 erscheinen, während sich der Umfang des kommenden GNOME 48 abzeichnet. Das SELFHTML-Projekt wird 30 Jahre alt und mit RePebble wird einem längst totgesagtem Projekt neues Leben eingehaucht. In der Kernel-Mailingliste entfacht ein Streit über Rust - mit Auswirkungen für das Kernel- und Asahi Linux-Projekt.

Recent searches

Search options

Administered by:

Server stats:

#selinux