Getting back to a more normal schedule, here is my highlight post for the LSM, SELinux, and audit changes that were recently merged into Linus' tree as part of the Linux v7.1 merge window.

https://paul-moore.com/blog/d/2026/04/linux_v71_merge_window.html

#lsm #selinux #audit

Paul Moore · Linux 7.1 Merge Window

Linus released Linux v7.0 a few hours ago, and while I didn't have the time to do a merge window highlight post, I did capture all of the LSM, SELinux, and audit highlights for Linux v7.0 in the post below.

https://paul-moore.com/blog/d/2026/04/linux_v70.html

#lsm #selinux #audit

Paul Moore · Linux 7.0 Released

"Your Container Is Not a Sandbox" — an entire article on container security that never mentions SELinux. Not once. That's not an oversight, it's an agenda.

I'm not anti-microVM. But containers *do* contain. I run OpenClaw --read-only with SELinux enforcing. Add seccomp, dropped caps, user namespaces — defense in depth works.

https://emirb.github.io/blog/microvm-2026/

#containers #SELinux #microVMs #Linux #security

At which point does security infrastructure become complex enough to be a security risk by itself?
Read this function and tell me you understood it at first glance.
https://elixir.bootlin.com/linux/v6.19.11/source/security/selinux/ss/services.c#L265

#Linux #SELinux


@threatchain general purpose siem, malcolm ids, debian server, opnsense - good combo imo, good licensing. I may just refactor and use 500gb drives so cost will not be the limiting factor, you can use debian blends too but even some of these specialized apps won't have included forensics-full and this has a ton of super useful sw, when you have the persistence partition going corner case use cases can be covered better than say something like a bootable iso #rational clear case #mw #smw #yacy #jenkins #ntop-ng #misp #cms #lamp server #sbom #addons #app armor #selinux #ufw #fail2ban #hardened debian #pentoo

SELinux: Helped me in the past 30 years: 0 times. Annoyed me in that timeframe: INF. Times people tell me how awesome it is: also INF.

#linux #selinux

@drscriptt so there I am on the phone with tech support for a database vendor and he explains that licensing isn't working because #SELinux is enabled, so I set it to permissive, log the errors, make an appropriate permissions list, compile and turn it back on.
He says "nobody in house has made it work with SELinux on" -- obviously none of them spent 15 minutes learning how to use the tools. Ugh. #rant
@drscriptt @Madagascar_Sky @geerlingguy see also "just turn off #selinux" on every package.

as god is my witness, i have no idea what caused this, what a chr_file is, why there's a fprintd process, what chr_file 059 is, or what i should do about this

if windows threw this error i would scan for viruses and reboot

maybe i need to reboot

#SELinux #Fedora

Introducing a security profile generation tool for containers - Qiita

Introduction: Thank you for opening this article. I am Sasaki from Mitsubishi Electric. This article introduces tools that help create container security profiles, targeting Podman, a daemonless container engine. Specifically, for seccomp, oci-secco...

Qiita