Been testing out the #virtiofs support now baked into #proxmoxVE. It works, had to do some #selinux adjustments on #fedora to allow my #podman containers to use the mountpoint. Added this policy
```
(allow container_t unlabeled_t ( dir ( read write )))
```
In raw speed it is definitely not a winner - #nfs is easily double the speed. But on this particular VM I don't need the speed - it is nice that this is all self-contained now, and I can actually remove NFS altogether.
Fuck you too, SELinux.
SELinux is preventing brltty from getattr access on the chr_file /dev/bus/usb/003/073.
Linux v6.15-rc1 was released today, and here is my quick summary of the LSM and SELinux changes sent up to Linus during the Linux v6.15 merge window.
(There were no audit patches queued up for Linux v6.15, but that should change for the next merge window.)
https://paul-moore.com/blog/d/2025/04/linux_v615_merge_window.html
This allows logrotate to execute log files.
What are legit reasons to allow this? And why those can not be solved just by using other normal context for executables?
https://github.com/fedora-selinux/selinux-policy/blame/383a653ea0f3f6690b6ee4dbf50bd5d1f35691cf/policy/modules/contrib/logrotate.te#L169C21-L169C21
#fedora #selinux
Dieser Montag ist zu ruhig:
- 39 ungelesene Mails
- DATEV fully operational 
- Monitoring still
- Keine weinenden User 
So kann die #it nicht arbeiten, wir brauchen den Kick und Erfolgserlebnisse!
Tages-Spiel-Projekt: #selinux #mls. Wer da durchsteigt, bekommt diesen Monat 500€ Prämie aufs Gehalt. Manchmal muss man sich eben eine Beschäftigung aus den Fingern saugen 
Let the hunger games begin 
Just had my first disagreement with a coworker.
It was all about #SELinux.
Come to find out, the issue wasn't even about that.
A file was just missing.
I'm now sitting in my comfy chair trying to calm down.
New Episode: hpr4328 :: Use SELinux the easy way
You don't have to be an expert on SELinux to use it effectively
Hosted by Klaatu on Wednesday, 2025-03-05 is flagged as Clean and is released under a CC-BY-SA license.
Tags: #linux, #selinux, #permissions.
Today on the #HackerPublicRadio #Community #Podcast
Was ist eigentlich dieses #SElinux?
@Htbaa Don’t make Dan Walsh cry!
https://stopdisablingselinux.com/
I’m told he answers questions about selinux.
Ugh #SELinux is the worst. I'm sure it's 100% my lack of understanding it though. I have my installation scripts all worked out with #Rex. At first for #AlmaLinux 8 but also adapted it to 9.
I had it all working properly under 9, but this new VPS somehow mounts the root disk in read-only mode after a reboot when SELinux has been enabled.
I'm *really* tempted to just keep it in permissive mode and ignore it for the rest of my life.
Newsupdate 02/25 - #Python3.14, #FOSDEM 2025, #GNOME48 Beta, #KDE #Plasma6.3, #openSUSE und #SELinux - #FOCUS_ON: #Linux - #Podcast:
Python 3.14 und KDE Plasma 6.3 erscheinen, während sich der Umfang des kommenden GNOME 48 abzeichnet. Das SELFHTML-Projekt wird 30 Jahre alt und mit RePebble wird einem längst totgesagtem Projekt neues Leben eingehaucht. In der Kernel-Mailingliste entfacht ein Streit über Rust - mit Auswirkungen für das Kernel- und Asahi Linux-Projekt.
@opensuse Tumbleweed rolling release moves from AppArmor to SELinux for its underlying security layer
https://www.linux-magazine.com/Online/News/openSUSE-Tumbleweed-Ditches-AppArmor-for-SELinux
#openSUSE #Tumbleweed #AppArmor #SELinux #Linux #OpenSource #distro #FOSS #security
So #opensuse switched to #selinux. Changing my systems works. Only Steam is not running, because selinux blocks boolean.
I have to admit, that I don't understand selinux. Is there a easy to understand tutorial? I don't want to mess around.
In the suse forum I found this solution:
sudo setsebool selinuxuser_execmod 1
..but with hint: If you understand the risks.
I don't understand the risc :)
Do you plan on doing more #SELinux hardening than #Fedora does?
Because how it is, SELinux on Fedora just makes #run0 a pain to use, while user processes are all unconfined, making it pretty pointless.
Or do you plan on making it user friendly?
There are many issues with #Flatpak that should be addressed. Alternatively, #UID #Sandboxing using #SimpleSandbox and SELinux could be used, which is way simpler and more secure, but relies on native packages
I hope #SELinux improved its usability since the last time I had to literally invoke Cthulhu to make it work in a moderately sane basis.
https://9to5linux.com/opensuse-replaces-apparmor-with-selinux-on-new-tumbleweed-installations
De 0 à #WordPress en full ansible, episode 6 ! À l'étable : https://twitch.tv/ahp_nils ! #sysadmin #devops #twitchfr #twitchstreamer #TwitchStreamers #linux #selinux
#openSUSE Adopts #SELinux as Default MAC (Mandatory Access Control) System on New #Tumbleweed Installations https://9to5linux.com/opensuse-replaces-apparmor-with-selinux-on-new-tumbleweed-installations
with PDA (and 
