Polyinstantiation of directories in an SE Linux system

Notes I presented this paper at the 2006 SAGE-AU conference. Abstract This paper describes the problems related to shared directories such as /tmp and /var/tmp as well as problems related to having multiple SE Linux security contexts used for accessing a single home directory. It then provides detailed information on the solution to this problem […]


Maildir Bulletin

This program is designed to deliver bulletin messages to thousands of users on a system. If you want to deliver mail to a large number of people to be read through POP or a local email program (such as mutt) then the traditional approach has been to setup an alias to map to all the […]


Benchmarking Mail Relays and Forwarders

Notes I presented this paper at the OSDC conference in 2006. The main page for my Postal benchmark is at http://doc.coker.com.au/projects/postal/. My blog posts about benchmarking can be found at http://etbe.coker.com.au/category/benchmark/. Abstract Postal is a mail server benchmark that I wrote. The main components of it are postal for testing the delivery of mail via […]


SE Debian: how to make NSA SE Linux work in a distribution

Notes I presented this paper at Ottawa Linux Symposium (OLS) 2002. Since that time the acceptance of SE Linux in Debian was significantly less than I expected. But the acceptance in Red Hat Enterprise Linux and Fedora has been quite good. http://lsm.immunix.org/ is defunct, since about 2004. I corrected the URLs for the NSA papers […]


Running the Net After a Collapse

I’ve been thinking about what we need in Australia to preserve the free software community in the face of an economic collapse (let’s not pretend that the US can collapse without taking Australia down too). For current practices of using the Internet and developing free software to continue it seems that we need the following […]


Partitioning a Server with NSA SE Linux

Notes I presented this paper at Linux Kongress 2002. Since that time virtualisation systems based around VMWare, Xen, and the hardware virtualisation in recent AMD and Intel CPUs has really taken off. The wide range of virtualisation options makes this paper mostly obsolete, and what isn’t obsoleted by that is obsoleted by new developments in […]


SE Linux Saves

Here are links to some instances when SE Linux prevented exploits from working or mitigated their damage:


Going Live with a Linux Server

Based on past mistakes by myself and others, here is a check-list before putting a Linux (or other Unix) server online: Run memtest86+ (or an equivalent program for other architectures) before going live, ideally run it before installing the OS. Run it again every time you upgrade the RAM. Reboot the machine after every significant […]


Personal SEO

One problem many people encounter is the fact that they don’t appear on Google and other search engines the way that they like. If you have an uncommon name which is not referenced in any popular web pages then a single mention in a popular site can immediately become the top hit, this may not […]


How to Report an Email Problem

In my work I often receive problem reports from clients regarding their email service, here is some advice to help get the problem fixed as fast as possible: Firstly problems sending mail and problems receiving mail are often unconnected and should be reported separately. If only one aspect of a problem is reported then probably […]