Home

SELinux

mod_passenger and SELinux

I was working on this and thought, why not share this? Here's my mod_passenger SELinux module, so that the custom passenger packages at http://www.kanarip.com/custom/ can be deployed on systems with SELinux enforcing the targeted policy:

module mod_passenger 0.3;

require {
    type httpd_t;

    # mod_passenger < 2.1
    class fifo_file { read write unlink create getattr };
    # mod_passenger >= 2.1
    class sock_file { read write unlink create getattr };
    type tmp_t;

    type lib_t;
    class file execute_no_trans;
}

#============= httpd_t ==============
allow httpd_t lib_t:file execute_no_trans;
allow httpd_t tmp_t:fifo_file { read write unlink create getattr };
allow httpd_t tmp_t:sock_file { read write unlink create getattr };

Hope you find some use for it, and of course, suggestions are more then welcome!

Publication in Linux on Blue

An article I've written has been published in the latest issue of the magazine "Linux on Blue". I've attached a scan of the pages -even though the magazine doesn't publish it's issues online it's a free magazine with about 7.000 copies being distributed with companies in the Netherlands so I don't think they'd mind me posting my own article.

Thema of this month's issue is Security on Linux, and so I've written a very high-level article on Security Enhanced Linux titled "Mandatory Access Control and Auditing", but the funny thing is the issue also has an article on AppArmor. Poor Novell...

Two new exciting workshops

Two new exciting workshops on the agenda, besides the one I've told you about before.

In the portfolio are, already:

  • Deploying Linux (that's the official title, it's all Cobbler under the hood, doh!)
  • Configuration Management (again, the official title, it's all Puppet under the hood)
  • Software Packaging (ohw I do like these official titles... This of course is just RPM Packaging)

The workshop on Free Software, Open Source and Open Standards is going to be repeated August 14th, this time the audience will be internal colleagues of the company I work for, rather then customers :P. This workshop demos a complete Office Automation and Infrastructure based on Free Software, Open Source and Open Standards, and you get to digg in and get your hands dirty (if you want to), or stay on the safe side of the desktop (behind the keyboard - clicky-di-click).

The first new workshop, scheduled August 25th, is going to set you up with expertise knowledge of, and hands on experience with... Security Enhanced Linux. That vague thing that is so awesome but bugz you once or twice too often before you silence it forever (by disabling it). After this workshop I bet you you will tell your grandma to enable the sweetness.

The second new and exciting workshop, scheduled September 25th, is on Pragmatic Source Code Management (or GIT, bwuhaha!). I have a shorter session planned as an introduction as to the why and when and how for Pragmatic SCM, in cooperation with the Programming- and Web-technology focus group (which I'm a part of as well), so this workshop is going to be great!

BTW, if you have any suggestions for either of these workshops, feel free to leave a comment!

Syndicate content