equivocation: ambiguity or uncertainty of meaning in words; misapprehension arising from the ambiguity of terms; the using of a word or phrase in more than one sense. OED

The equivocation web site is primarily a set of personal notes about software, techniques, and other topics I find interesting or useful. Why is it called "equivocation"? Because descriptions of software and computer-related techniques easily succumb to equivocation. I will endeavour to avoid this (although I don't promise to succeed).

Recent entries

BAWStats drupal module

I am creating a drupal module that uses the Better AWstats php code as a back end for access to, and display of, AWStats web statistics data. I have a working prototype which I have sent to Oliver (the developer of the better awstats) and hopefully we can come up with a "better awstats" release that includes a drupal module by default.

Notes on SElinux: Multi-Category Security

SElinux, and Mandatory Access Control (MAC) in general, is complex. In some sense it mirrors the complexity of the underlying software and system it is protecting. It is not very system user friendly, and it is certainly not end user friendly. Adding additional complexity such as Multi-Level Security (MLS) makes the situation considerably worse. Most system administrators would like their end users not even to know MAC is present.

An SElinux module (4): building and debugging

Having written the type enforcement, interface and file context files, the next step is to put them together into a single policy module. This is done by "compiling" the three files into a single policy file that can be inserted into the complete SElinux policy. Once inserted, the process of debugging the module begins.

An SElinux module (3): interfaces

When creating the type enforcement rules for lighttpd (part 1) we used a lot of interfaces to other modules and policies. For example, we used the interface provided by the apache module to allow the lighttpd module access to all the same system web content (labelled with the type httpd_sys_content_t). This, and all the other interfaces we used, not only made this module easier to write but also make it robust to changes in any of the other modules.

An SElinux module (2): file contexts and labelling

Having created a number of file types in part (1), we need to specify which parts of the filesystem are labelled with these types. The file types created were lighttpd_exec_t, lighttpd_config_t, lighttpd_modules_t, lighttpd_log_t and lighttpd_var_run_t. All of these types belong to files in very specific locations. For example, the lighttpd_exec_t type should label only the lighttpd executable (at /usr/sbin/lighttpd).
