refpolicy
tiny-snitch
| refpolicy | tiny-snitch | |
|---|---|---|
| 7 | 9 | |
| 281 | 63 | |
| 0.4% | - | |
| 9.3 | 3.1 | |
| 4 days ago | 3 months ago | |
| Python | Go | |
| GNU General Public License v3.0 only | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
refpolicy
-
SELinux policies for Alpine Linux
Distributions often start with the SELinux reference policy rather than starting from scratch.
-
SELinux is unmanageable; just turn it off if it gets in your way
really? I don't mean understand how to apply a new label. I mean understand what the policies are and how they work, be able to create new ones that apply to you, and verify that the ones given to you by the distro are correct for your use. You're saying this is not hard to understand: https://github.com/SELinuxProject/refpolicy/blob/master/poli... ?
Otherwise you are blindly applying some black box.
-
Which SELinux policy should you use?
selinux-refpolicy-src pulls from the original SELinux Project refpolicy repo and just install-src these, which just places all policies into appropriate directory and does nothing futher, i. e. doesn't compile them to make usable
-
Need help writing rules, please
https://github.com/SELinuxProject/refpolicy/blob/4412ad507c5880d9ff52fd376c23183cc9ae10b7/policy/support/misc_patterns.spt#L55
-
Wayland Keylogger (2021)
Of those distributions, only Fedora sets SELinux to enforcing by default. Moreover, AFAIK Fedora (+ RHEL and Android) are the only distributions that had wide testing of the reference policy [1] [2]. So, if you enable SELinux with the reference policy on the other distributions that you mention, it is likely that you will run into all kinds of issues.
[1] https://github.com/SELinuxProject/refpolicy
[2] https://github.com/fedora-selinux/selinux-policy
-
Switching from CentOS/RHEL to openSUSE as main enterprise OS, experiencies and general tips?
No default or reference policy is provided in openSUSE Leap. SELinux will not operate without a policy, so you must build and install one. The SELinux Reference Policy Project (https://github.com/SELinuxProject/refpolicy/wiki) should be helpful in providing examples and detailed information on creating your own policies, and this chapter also provides guidance on managing your SELinux policy.
-
Is this legit? SELinux is preventing login from getattr access on the filesystem /dev/shm.
Interesting. I don't have a red hat based system handy at the moment to compare since I'm on holiday. Maybe that's just how they set up shm? If you compare to Reference Policy, it appears that the getattr permission you asked about is granted there: https://github.com/SELinuxProject/refpolicy/blob/8a1bc98a31a9f2396f3c1389f43ffb10df31157f/policy/modules/system/systemd.te#L600
tiny-snitch
-
OpenSnitch is a GNU/Linux port of the Little Snitch application firewall
i use a kind of tui. it is actually a gui, pops up fullscreen. you can’t click it though, just keypress interaction.
i agree with you. especially if i’m filtering all traffic, i need to be able to y/n quickly and easily.
https://github.com/nathants/tinysnitch#demo
-
Switch to VPC Endpoints from NAT Gateways to Reduce Bandwidth Charges
the libnetfilterqueue setup i use locally is here: https://github.com/nathants/tinysnitch
- an interactive firewall for inbound and outbound connections
- Show HN: An interactive firewall for inbound and outbound connections
- Ask HN: Have you created programs for only your personal use?
- Chrome 0day is being exploited now for CVE-2022-1096; update immediately
-
Wayland Keylogger (2021)
> There isn't even a single decent dynamic firewall with those annoying popups.
even benign apps that phone home like pulumi and terraform are fun to see and block with annoying popups.
monitoring egress really is the only realistic play. i rolled my own[1], inspired by opensnitch[2].
netfilter_queue is really great, and definitely makes annoying popup dynamic firewalls possible.
1. https://github.com/nathants/tinysnitch
What are some alternatives?
wayland-keylogger - Proof-of-concept Wayland keylogger
opensnitch - OpenSnitch is a GNU/Linux interactive application firewall inspired by Little Snitch.
selinux-policy-arch - SELinux policy with Arch Linux specific changes. Based on the refrence policy
dind - Docker in Docker
nitter - Alternative Twitter front-end
discovery-engine - Discover least permissive security posture, Network Microsegmentation, and Application behaviour based on visibility/observability data emitted from policy engines..
place
cascade - A high level language for SELinux policy
epanet-js - Model a water distribution network in JavaScript using the OWA-EPANET engine
sysbox - An open-source, next-generation "runc" that empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs.
ppp_thing - A poorly written, minimum viable PPPoE client with session handoff between redundant FreeBSD routers