equivocation: ambiguity or uncertainty of meaning in words; misapprehension arising from the ambiguity of terms; the using of a word or phrase in more than one sense. OED

The equivocation web site is primarily a set of personal notes about software, techniques, and other topics I find interesting or useful. Why is it called "equivocation"? Because descriptions of software and computer-related techniques easily succumb to equivocation. I will endeavour to avoid this (although I don't promise to succeed).

Recent entries

An SElinux module (1): types and rules

In Fedora the resources and files necessary for building new modular policies are in the devel directory under /usr/share/selinux/. This directory and all the files required for module development come from the Fedora selinux-policy-devel RPM.

As an example, I am going to develop a policy module for the lighttpd HTTP server, which is a "light" Apache-like server.

Notes on SElinux: tools

There are a number of tools, both command line and graphical, that allow analysis, configuration, and changes to the running SElinux policy. I will summarise some of the most useful ones here. For further and more complete information, most have a man page. Many of these tools require appropriate privileges for accessing the SElinux configuration, policies and internals (e.g. usually root).

Regular expressions: a précis

Regular expressions are patterns describing text. For example, they can be particularly useful in describing parts of the file system where you are looking for or "matching" directories and files of a particular form. This can be useful for intrusion detection systems (e.g. you can describe types of files and directories that should never change, and types where certain changes can be ignored). It can also be useful in systems like SElinux. This is my quick reference/reminder on some of the regular expression syntax often used in these filesystem contexts.

Linux audit

The purpose of Linux audit is to collect information regarding events occurring on the running system. Its function is a little like syslog (the older Linux logging system) but it is much more configurable.

Notes on SElinux: policies and modules

A policy for SElinux contains all the definitions for user identities, object types, process types, and roles. It also contains all the rules that specify how types interact (see the notes on type enforcement). The ability to dynamically change or introduce new policy components into the current system policy is an important recent feature of SElinux. There are now self-contained policy modules that can be loaded and which safely interact with the currently active policy. In fact, loaded modules become part of the current active policy.
