[B! selinux] kgbuã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

kgbu id:kgbu

selinuxã«é–¢ã™ã‚‹kgbuã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯ (80)

${{author_name}}$

{{author_name}} {{created}}

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

${{author_name}}$
{{author_name}}{{created}}
{{ #comment }}{{ comment }}{{ /comment }}
- {{ label }}

{{#following_bookmarks}}

${{author_name}}$

{{author_name}} {{created}}

{{{comment_expanded}}}

{{label}}

{{#is_bookmark}}ãƒªã‚¹ãƒˆ{{/is_bookmark}}{{^is_bookmark}}ãƒªãƒ³ã‚¯{{/is_bookmark}}

{{/following_bookmarks}}

{{/is_wiped}}

audit2allow ? Why not audit2dontaudit?
kgbu 2010/02/26
ç…©ã„ãƒã‚°ã‚’æ¢ã‚ãŸã„ã€ã‘ã‚Œã©securityã¯ä¸‹ã’ãŸããªã„ã€‚ãã‚“ãªã¨ãdontauditã™ã‚‹ãƒ„ãƒ¼ãƒ«ãŒã‚ã‚Œã°ãªãã€ã¨ã„ã†å¸Œæœ›ã‚’ã‹ãªãˆã‚‹è©±ã€ãªã®ã‹ã—ã‚‰ã€‚

selinux

tips

knowhow

security

ã‚µãƒ¼ãƒç®¡ç†

ã‚ã¨ã§èªã‚€

tutorial

linux
ãƒªãƒ³ã‚¯
Why doen't SELinux give me the full path in an error message?
kgbu 2010/01/26
selinux

knowhow

debug

tool

security

ã‚µãƒ¼ãƒç®¡ç†

ã‚ã¨ã§èªã‚€

ã„ã¾ã•ã‚‰è¨Šã‘ãªã„
ãƒªãƒ³ã‚¯
SELinux and guestfish
kgbu 2010/01/16
selinux

security

virtualization

guestfish

ã‚ã¨ã§èªã‚€
ãƒªãƒ³ã‚¯
Cool things with SELinux... Introducing sandbox -X
kgbu 2010/01/16
selinux

sand box

security

software

ã‚ã¨ã§èª¿ã¹ãŸã„

ã„ã¾ã•ã‚‰è¨Šã‘ãªã„
ãƒªãƒ³ã‚¯
Tip: Autorelabel a VM
kgbu 2010/01/14
RHEL6ã®Î±ç‰ˆã§ã®guestfishã¨selinuxã®troubleshootã‚‰ã—ã„

selinux

virtualization

software

knowhow

redhat

ã‚ã¨ã§èªã‚€
ãƒªãƒ³ã‚¯
More on guestfish and SELinux
kgbu 2010/01/14
Richard Jonesä½œã®guestfishã«ã¤ã„ã¦ã®ãƒãƒªã‚·ãƒ¼ã®è©±ã‚‰ã—ã„

virtualization

selinux

security

OS

linux

knowhow

ã‚ã¨ã§èªã‚€
ãƒªãƒ³ã‚¯
Secure Virtualization Using SELinux (sVirt)
kgbu 2009/08/25
security

selinux

virtualization

ã‚ã¨ã§èªã‚€

linux
ãƒªãƒ³ã‚¯
Understanding SELinux
kgbu 2009/07/17
ã‚ã‚‹ã¹ãã¨ã“ã‚ã«ãƒ‡ãƒ¼ã‚¿ã‚’ç½®ã‘ã€ã¨ã„ã†ãƒ«ãƒ¼ãƒ«ï¼ˆbest practice)ã®é›†ç©ãŒSELinuxã§ã‚ã‚‹ã£ã¦ã„ã†è©±ã€‚å•é¡ŒãŒèµ·ã“ã£ãŸã¨ãã«ãƒ«ãƒ¼ãƒ«ã«ç›²å¾“ã™ã‚‹ã‹ã€ãƒ«ãƒ¼ãƒ«ã‚’æ›²ã’ã‚‹ã‹ã€ãƒ«ãƒ¼ãƒ«ã‚’ç†è§£ã™ã‚‹ã‹ã®é•ã„ãŒã‚ã‚‹ã€‚

security

knowhow

selinux

ã‚µãƒ¼ãƒç®¡ç†

ã‚ã‚‹ã‚ã‚‹

tutorial
ãƒªãƒ³ã‚¯
What's new in Fedora 11 from SELinux
kgbu 2009/06/18
Fedora 11ã§å°Žå…¥ã•ã‚ŒãŸSELinuxã®æ–°æ©Ÿèƒ½ãªã©ã®ãƒªã‚¹ãƒˆã€‚ãã‚Œãžã‚Œã€Dan Walshã®è¨˜äº‹ã¸ã®ãƒªãƒ³ã‚¯ã‚‚ã‚ã‚‹ã€‚

fedora

selinux

technology

security

ã¾ã¨ã‚

linux

OS

software

ã‚ã¨ã§èª¿ã¹ãŸã„
ãƒªãƒ³ã‚¯
Introducing the SELinux Sandbox
The other day some of my colleagues and I were discussing a recent request for the Linux Kernel to add "security sandbox" functionality.Â We talked about how we could do this with SELinux.Â The discussions brought up an old Bug report of my about writing policy for the "little things".Â SELinux does a great job of confining System Services, but what about applications executed by users. Â The bug r
kgbu 2009/05/27
ã‚µãƒ¼ãƒã®ç®¡ç†è€…ã§ã¯ãªãã€ãƒ¦ãƒ¼ã‚¶ãŒæ‰±ã†ãƒãƒªã‚·ãƒ¼ã¨ãã®ãƒ„ãƒ¼ãƒ«ã«ã¤ã„ã¦ã®è©±ã‚‰ã—ã„

ã‚ã¨ã§èªã‚€

selinux

security

tool

software

sand box

fedora

UI

ã‚µãƒ¼ãƒç®¡ç†
ãƒªãƒ³ã‚¯
PECL :: Package :: selinux
kgbu 2009/03/11
PHPã‹ã‚‰SELinuxã‚’ã„ã˜ã‚Œã‚‹statusã®å–å¾—ã¨ã‹ã€ï¼ˆè¨±å¯ã•ã‚Œã¦ã„ã‚‹ãªã‚‰)è¨å®šå¤‰æ›´ã¨ã‹ã€‚SELinuxã«è§¦ã‚Œã‚‹ã«ã¯ã¡ã‚‡ã†ã©ã„ã„ã‹ã‚‚

selinux

opensource

php

library

programming

ã‚ã¨ã§è©¦ã™

ãŠã‚‚ã—ã‚ã„
ãƒªãƒ³ã‚¯
selinux-policy-minimum
kgbu 2009/02/20
ã¡ã‚‡ã£ã¨SELinuxã‚’è©¦ã—ã¦ã¿ãŸã„å‘ãã«ã¯ç¾åœ¨ã®targetedãªã©ã¯å¤§ãã™ãŽã‚‹ã€‚è³‡æºãŒé™ã‚‰ã‚ŒãŸç’°å¢ƒå‘ã‘ã«minimumãªãƒãƒªã‚·ãƒ¼ã‚’ã©ã†ã‚„ã£ã¦ä½œã‚‹ã‹ã€ã¨ã„ã†è©±ã€‚

selinux

security

é–‹ç™ºç’°å¢ƒ

ã‚ã¨ã§èªã‚€

çµ„ã¿è¾¼ã¿

knowhow

tutorial
ãƒªãƒ³ã‚¯
The incredible shrinking SELinux footprint
kgbu 2009/01/28
100MBã‚’è¶…ãˆã¦ã„ãŸSELinuxã®policy moduleã‚’Fedora 11ã®SElinuxã§ã¯åœ§ç¸®ã—ãŸã¾ã¾å–ã‚Šæ‰±ãˆã‚‹ã‚ˆã†ã«ã—ãŸã“ã¨ã§ã€10MBç¨‹åº¦ã¾ã§å°ã•ãã§ããŸãã†ã ã€‚

selinux

ã‚µãƒ¼ãƒæ§‹ç¯‰

çµ„ã¿è¾¼ã¿

deployment

åœ§ç¸®
ãƒªãƒ³ã‚¯
Redesign of setroubleshooter.
kgbu 2009/01/24
setroubleshooterãŒãƒ¡ãƒ¢ãƒªé£Ÿã„ãªã®ã§ã€Fedora11(rawhide)ã«å…¥ã‚Œã‚‹ã¹ãä¿®æ£ã‚’ã—ãŸã¨ã„ã†è©±ã€‚å…¨é¢çš„ãªæ›¸ãæ›ãˆã§ã¯ãªã„ã‚ˆã†ã ã€‚

selinux

fedora

security

linux

software

tool

programming

Python

cè¨€èªž

ã‚ã¨ã§èªã‚€

tuning
ãƒªãƒ³ã‚¯
SELinuxã§ã„ã‚ã„ã‚ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ï¼ãƒªã‚¹ãƒˆã‚¢ã—ã¦ã¿ãŸâ€• ï¼ IT
ç¬¬2å›ž SELinuxã§ã„ã‚ã„ã‚ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ï¼ãƒªã‚¹ãƒˆã‚¢ã—ã¦ã¿ãŸ é¢ å’Œæ¯… ã‚µã‚¤ã‚ªã‚¹ãƒ†ã‚¯ãƒŽãƒã‚¸ãƒ¼æ ªå¼ä¼šç¤¾ OSSãƒ†ã‚¯ãƒŽãƒã‚¸ãƒ¼ã‚»ãƒ³ã‚¿ãƒ¼ é–‹ç™ºæ”¯æ´ã‚°ãƒ«ãƒ¼ãƒ— ã‚°ãƒ«ãƒ¼ãƒ—ãƒžãƒãƒ¼ã‚¸ãƒ£ãƒ¼ 2007/6/20 ä»Šå›žã¯ã€å‰å›žã‚»ãƒƒãƒˆã‚¢ãƒƒãƒ—ã—ãŸPloneï¼Zopeã®ã‚³ãƒ³ãƒ†ãƒ³ãƒ„ç®¡ç†ã‚·ã‚¹ãƒ†ãƒ ã‚’åŸºã«ã€SELinuxã‚’æœ‰åŠ¹ã«ã—ãŸå ´åˆã®ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ã«é–¢ã—ã¦è€ƒå¯Ÿã—ã¦ã¿ã¾ã—ã‚‡ã†ã€‚å¼•ãç¶šãã€å‰å›žä½œæˆã—ãŸCentOS 4.4ï¼‹Ploneç”¨ã«ã‚«ã‚¹ã‚¿ãƒžã‚¤ã‚ºã—ãŸSELinuxã‚’ç”¨ã„ã¾ã™ã€‚ SELinuxã®ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ã«ã“ã ã‚ã‚‹ç†ç”± ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ï¼ãƒªã‚¹ãƒˆã‚¢ã¯Linuxé‹ç”¨ã®åŸºç¤Žã®åŸºç¤Žã§ã¯ï¼Ÿ ã¨æ€ã‚ã‚ŒãŸã‹ã‚‚ã—ã‚Œã¾ã›ã‚“ã€‚ã‚ãˆã¦SELinuxã®ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ã«ã“ã ã‚ã£ãŸç†ç”±ã¯ã€SELinuxã«ã¯ãƒ•ã‚¡ã‚¤ãƒ«ã‚·ã‚¹ãƒ†ãƒ ä¸Šã§ã€Œæ‹¡å¼µå±žæ€§ï¼ˆXATTRï¼‰ã€æƒ…å ±ã‚’æŒã¤ã¨ã„ã†ç‰¹å¾´ãŒã‚ã‚‹ã‹ã‚‰ã§ã™ã€‚ å¾“ã£ã¦å®Ÿéš›ã«é‹ç”¨ã—ã¦ã„ãã†ãˆã§ã¯ã€å„ç¨®ãƒãƒƒã‚¯ã‚¢ãƒƒãƒ—ãƒ—ãƒã‚°ãƒ©ãƒ ã«ã‚ˆã£ã¦å–
kgbu 2008/12/22
SELinuxã®æ¨©é™ãªã©ã®æƒ…å ±ãŒé–¢ä¿‚ã™ã‚‹å ´åˆã€ã‚„ã£ã±ã‚Šdump/restoreãŒæœ‰åŠ¹ã‚‰ã—ã„

ã‚µãƒ¼ãƒç®¡ç†

backup

selinux

linux

ã„ã¾ã•ã‚‰è¨Šã‘ãªã„

ã‚ã¨ã§è©¦ã™
ãƒªãƒ³ã‚¯
ã‚»ã‚ãƒ¥ã‚¢ï¼¯ï¼³ã®è½ã¨ã—ç©´
[evil@gateway.example.com ~] $ ssh [email protected] root:$1$d8kgaeX7$PqJEIeNsGAGPw4WwiVy0C/:14217:0:99999:7::: bin:*:14189:0:99999:7::: daemon:*:14189:0:99999:7::: adm:*:14189:0:99999:7::: lp:*:14189:0:99999:7::: sync:*:14189:0:99999:7::: shutdown:*:14189:0:99999:7::: halt:*:14189:0:99999:7::: mail:*:14189:0:99999:7::: news:*:14189:0:99999:7::: uucp:*:14189:0:99999:7::: operator:*:14189:0:9
kgbu 2008/12/06
Web application Firewallã¨ä¼¼ã¦ã„ã‚‹ã€ã¨ã„ã†èª¬æ˜Žã¯è¨€ã„ãˆã¦å¦™ã ã¨æ€ãˆã‚‹ã‚ˆã†ã«ãªã£ãŸã€‚Tomoyo Linuxã¯Server Application Firewallãªã®ã ã£ãŸã€‚è¡Œå„€ã®æ‚ªã„ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã‚’ä½¿ã†å¿…è¦ãŒã‚ã‚Œã°æ¤œè¨Žã®è¦ã‚¢ãƒªã ãªã€‚

ã„ã¾ã•ã‚‰è¨Šã‘ãªã„

security

TOMOYO Linux

selinux

ãã‚‚ãã‚‚

white list

WAF

linux

kernel
ãƒªãƒ³ã‚¯
Security-Enhanced Linux
Dominick GriftTechnical editor for the Introduction, SELinux Contexts, Targeted Policy, Working with SELinux, Confining Users, and Troubleshooting chapters.
kgbu 2008/11/26
ã‚„ã£ã¨ã§ããŸã€‚SELinuxã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚¬ã‚¤ãƒ‰

document

selinux

manual

ãŠå½¹ç«‹ã¡

knowhow

linux

security

OS

ã¾ã¨ã‚

ã‚ã¨ã§èªã‚€
ãƒªãƒ³ã‚¯
SVirt - SELinux Wiki
Overview sVirt is a community project which integrates Mandatory Access Control (MAC) security and Linux-based virtualization (KVM, lguest et al). sVirt was created by James Morris Resources Presentations "sVirt: Hardening Linux Virtualization with Mandatory Access Control" presented at linux.conf.au 2009 Code drops v0.10 v0.20 v0.30 Now merged into upstream libvirt. Requirements analysis v1.0 Pro
kgbu 2008/11/04
ã¾ã å®Ÿé¨“çš„ãªãƒ—ãƒã‚¸ã‚§ã‚¯ãƒˆã®ã‚ˆã†ã ãŒã€ä»®æƒ³åŒ–ã®ã‚·ã‚¹ãƒ†ãƒ ã«ã¤ã„ã¦ã€SELinuxã®ãƒ©ãƒ™ãƒ«ä»˜ã‘ã‚’ã©ã†ã™ã‚‹ã‹ã¨ã„ã†ã“ã¨ã®å…·ä½“çš„ãªå®Ÿè£…ã‚‰ã—ã„ã€‚

selinux

virtualization

security

Virtual machine

linux

xen
ãƒªãƒ³ã‚¯
Security vs Usability
kgbu 2008/10/24
Xenã«ã‚‚ã‚»ã‚ãƒ¥ãƒªãƒ†ã‚£ãƒ›ãƒ¼ãƒ«ã¯ã‚ã‚‹ã€‚ãã‚Œã«å¯¾ã™ã‚‹äºˆé˜²æŽªç½®ã¨ã—ã¦SELinuxã‚’ä½¿ã£ã¦ã‚‚ã‚‰ã†ã«ã¯ã€ãƒ¦ãƒ¼ã‚¶ã‚„é–‹ç™ºè€…ã®åˆ©ä¾¿æ€§ã‚’ãªã„ãŒã—ã‚ã«ã—ã¦ã¯è©±ãŒé€²ã¾ãªã„ã€‚ã‘ã‚Œã©æœ€å¾Œã¯ãã¡ã‚“ã¨ã—ãŸãƒ©ãƒ™ãƒ«ä»˜ã‘ãŒãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã«ãªã‚‹ã¹ãã

xen

selinux

linux

vulnerability
ãƒªãƒ³ã‚¯
Adventures with a certain Xen vulnerability (in the PVFB backend) version 1.0 Rafal Wojtczuk Invisible Things Lab [email protected] October 14, 2008 1 Introduction This paper documents the research by the author to understand the nature of and
kgbu 2008/10/24
Xenã®æ”»æ’ƒæ–¹æ³•ãªã©ã€‚SELinuxã«ã‚ˆã£ã¦é˜²ã’ã‚‹ã‚±ãƒ¼ã‚¹ã‚‚ã‚ã‚‹ã‚ˆã†ã ã€‚

vulnerability

xen

virtualization

security

security hole

tutorial

ã‚ã¨ã§èªã‚€

selinux
ãƒªãƒ³ã‚¯
1 2 3 4 æ¬¡ã®ãƒšãƒ¼ã‚¸

ãŠçŸ¥ã‚‰ã›

ã‚‚ã£ã¨èªã‚€

å…¬å¼Twitter

@HatenaBookmark
ãƒªãƒªãƒ¼ã‚¹ã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“ã‚¹ã®ãŠçŸ¥ã‚‰ã›
@hatebu
æœ€æ–°ã®äººæ°—ã‚¨ãƒ³ãƒˆãƒªãƒ¼ã®é…ä¿¡

ã‚ãƒ¼ãƒœãƒ¼ãƒ‰ã‚·ãƒ§ãƒ¼ãƒˆã‚«ãƒƒãƒˆä¸€è¦§

jæ¬¡ã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

kå‰ã®ãƒ–ãƒƒã‚¯ãƒžãƒ¼ã‚¯

lã‚ã¨ã§èªã‚€

eã‚³ãƒ¡ãƒ³ãƒˆä¸€è¦§ã‚’é–‹ã

oãƒšãƒ¼ã‚¸ã‚’é–‹ã

è¨å®šã‚’å¤‰æ›´ã—ã¾ã—ãŸx