I’ve been writing SELinux policy these days. Again. This time for the Reference Policy.

I haven’t gotten any feedback on my policy yet, which is quite disappointing. Still, the number of violations on my systems has gone down a lot, so I might actually be able to run strict some time soon. Which would be a major step. Unfortunately, I still have a couple of things to sort out with the utilities. And every now and then there is a new violation - monthly cronjobs, for example, are not that easy to observe without playing around. ;-)

The Debian/Ubuntu packaging group is growing, and that means it’s bigger than the “pretty much nonexistent” it was just a short time ago.

Recent policy files I’ve written (which of course still contain bugs): dpkg, apt, tor, amavis, clamav.