Linux v6.15-rc1 was released today, and here is my quick summary of the LSM and SELinux changes sent up to Linus during the Linux v6.15 merge window.

(There were no audit patches queued up for Linux v6.15, but that should change for the next merge window.)

https://paul-moore.com/blog/d/2025/04/linux_v615_merge_window.html

This allows logrotate to execute log files.
What are legit reasons to allow this? And why those can not be solved just by using other normal context for executables?
https://github.com/fedora-selinux/selinux-policy/blame/383a653ea0f3f6690b6ee4dbf50bd5d1f35691cf/policy/modules/contrib/logrotate.te#L169C21-L169C21
#fedora #selinux

#SELinux exquisitely explained in 20 minutes . https://www.youtube.com/watch?v=LAgOPWOwUhA #security #Linux

Ah.. nothing beats spending 2 hour trying to create a simple #systemd service + timer + bash script to back up an sqlite database every week and it just not working because random permission issues just for selinux to be the culprit. Love how you need another tool to actually understand wtf #SELinux wants from you. #linux

I recently read my 8 year old daughter the #SELinux coloring book before school. I'm training up the next generation of #Linux adventurers!

Dieser Montag ist zu ruhig:

- 39 ungelesene Mails
- DATEV fully operational
- Monitoring still
- Keine weinenden User

So kann die #it nicht arbeiten, wir brauchen den Kick und Erfolgserlebnisse!

Tages-Spiel-Projekt: #selinux #mls. Wer da durchsteigt, bekommt diesen Monat 500€ Prämie aufs Gehalt. Manchmal muss man sich eben eine Beschäftigung aus den Fingern saugen

Let the hunger games begin

https://stopdisablingselinux.com/

New Episode: hpr4328 :: Use SELinux the easy way

You don't have to be an expert on SELinux to use it effectively

Hosted by Klaatu on Wednesday, 2025-03-05 is flagged as Clean and is released under a CC-BY-SA license.

Tags: #linux, #selinux, #permissions.

Today on the #HackerPublicRadio #Community #Podcast​

#HPR #CreativeCommons

https://hackerpublicradio.org/eps/hpr4328/index.html

Was ist eigentlich dieses #SElinux?

#chaos #GNU/linux #security #PoweredByRSS #talk

Würdet ihr bei einem Laptop #SELinux aktivieren oder nutzt ihr dort eher #AppArmor?
#followerpower

Ugh #SELinux is the worst. I'm sure it's 100% my lack of understanding it though. I have my installation scripts all worked out with #Rex. At first for #AlmaLinux 8 but also adapted it to 9.

I had it all working properly under 9, but this new VPS somehow mounts the root disk in read-only mode after a reboot when SELinux has been enabled.

I'm *really* tempted to just keep it in permissive mode and ignore it for the rest of my life.

Newsupdate 02/25 - #Python3.14, #FOSDEM 2025, #GNOME48 Beta, #KDE #Plasma6.3, #openSUSE und #SELinux - #FOCUS_ON: #Linux - #Podcast:

Python 3.14 und KDE Plasma 6.3 erscheinen, während sich der Umfang des kommenden GNOME 48 abzeichnet. Das SELFHTML-Projekt wird 30 Jahre alt und mit RePebble wird einem längst totgesagtem Projekt neues Leben eingehaucht. In der Kernel-Mailingliste entfacht ein Streit über Rust - mit Auswirkungen für das Kernel- und Asahi Linux-Projekt.

https://focusonlinux.podigee.io/147-newsupdate-0225-python-314-fosdem-2025-gnome-48-beta-kde-plasma-63-opensuse-und-selinux

February brought big changes to #openSUSE Tumbleweed! #SELinux is now the default MAC for new installs, while #Mesa 25.0 adds #Vulkan 1.4 support. Plus, #KDE Plasma 6.3 enhances fractional scaling and drawing tablet settings. https://news.opensuse.org/2025/02/27/tw-monthly-update-february/

@opensuse Tumbleweed rolling release moves from AppArmor to SELinux for its underlying security layer
https://www.linux-magazine.com/Online/News/openSUSE-Tumbleweed-Ditches-AppArmor-for-SELinux
#openSUSE #Tumbleweed #AppArmor #SELinux #Linux #OpenSource #distro #FOSS #security

So #opensuse switched to #selinux. Changing my systems works. Only Steam is not running, because selinux blocks boolean.
I have to admit, that I don't understand selinux. Is there a easy to understand tutorial? I don't want to mess around.
In the suse forum I found this solution:
sudo setsebool selinuxuser_execmod 1
..but with hint: If you understand the risks.

I don't understand the risc :)

#tar #rsync #selinux

При работе с tar-ом на сервере (например бэкапы), не забывайте, что этот архиватор может сохранять расширенные атрибуты файлов.

Например вот так:
```sh
# tar --selinux --acls --xattrs -cvf backup.tar /var/www/user/data
```

```sh
# tar --no-acls --no-selinux --no-xattrs -xvf backup.tar
```

Помните об этих параметрах при работе с сервером, где включён selinux.

rsync, также умеет работать с расширенными атрибутами файлов: -A для acl и -X для selinux:

```sh
$ rsync -e ssh -aAXHPv /home/user/web root@server.com:/var/www/user/data/
```

Neues von openSUSE
https://linuxnews.de/neues-von-opensuse/ #opensuse #sles #tumbleweed #apparmor #selinux #uefi

I hope #SELinux improved its usability since the last time I had to literally invoke Cthulhu to make it work in a moderately sane basis.

https://9to5linux.com/opensuse-replaces-apparmor-with-selinux-on-new-tumbleweed-installations

De 0 à #WordPress en full ansible, episode 6 ! À l'étable : https://twitch.tv/ahp_nils ! #sysadmin #devops #twitchfr #twitchstreamer #TwitchStreamers #linux #selinux

#openSUSE Adopts #SELinux as Default MAC (Mandatory Access Control) System on New #Tumbleweed Installations https://9to5linux.com/opensuse-replaces-apparmor-with-selinux-on-new-tumbleweed-installations

@opensuse #Linux #OpenSource