Collaborate Disseminate
Preamble
I’m an engineer at a small company that sells B2B software for various OSes, including RHEL. The software usually runs natively (as a statically compiled binary) and uses/accesses system resources like raw sockets, the /proc files… Continue reading Is it possible to include a fully-working SELinux policy with B2B software?
AFAIK, the few ways private information from gpg can get leaked to other users on a shared Linux machine is:
someone with root access can access gpg’s files
someone with root access can access gpg’s process memory
gpg process’s pages co… Continue reading gpg security on a shared Linux machine
My host is Fedora, and I want to add an extra layer of protection against 0day KVM/QEMU exploits that execute code on the host. For example there have been CVEs where if we run a specially crafted malicious windows executable on the window… Continue reading Can I use SELinux to add an extra layer of protection against 0-day VM escape exploits in KVM/QEMU?
So, I started read this thread: How trustworthy is SELinux?
And I remember reading on the Internet that there is a backdoor to SELinux (maybe like 5 to 7 years ago). My memory of such has never been falsified, such as to argue that I have … Continue reading Does SELinux have a backdoor?
So, I started read this thread: How trustworthy is SELinux?
And I remember reading on the Internet that there is a backdoor to SELinux (maybe like 5 to 7 years ago). My memory of such has never been falsified, such as to argue that I have … Continue reading Does SELinux have a backdoor?
I want to be able to instrument and analyze at a prebuilt server and get a list of every file read.
I would also like to determine which of those files were read by the kernel to execute a program, load a library or just read by an applica… Continue reading I would like to audit a unbuntu server to get a list of all files executed and all files read by the kernel [migrated]
I found some threads and articles with lots of info on this topic but I can’t seem to make sense of it just yet. I’m running Fedora workstation with secure boot and full disk encryption on an Asus tuf gaming x570 board and AMD Ryzen 7 PRO … Continue reading How do I disable "suspend to RAM", and enable "suspend to idle"? [migrated]
While running a VPS for shared hosting, I put the data for the various users and websites as /var/www/[USER]/public_html/[DOMAIN]/…. I’d like to make sure that one user cannot access data from another user. I run NGINX + PHP-FPM on CentO… Continue reading Prevent read access to other users’ files using SELinux
I have a problem running the CTF, despite it being based on Linux as demonstrated in the below image.
How do I run the CTF, and find the flag?
Continue reading I can’t run CTF challenge(ELF format) on linux to find the flag [closed]
SELinux users determine the SELinux roles a process can assume, which in turn determines the domain (type) it can get into. However, objects are also labelled with user:role:type, and only the type part is used for type enforcement.
Say I … Continue reading What’s the use of an object’s user and role in SELinux?