SELinux resources

Posted: March 27th, 2006 | Filed under: Uncategorized | No Comments »

Novell recently cranked up their marketing machine for AppArmour, claiming its technical design provides for greater ease of administration, development & customization than found with SELinux. While AppArmour FAQ admits that SELinux’s model of file security labels is superior to their own path based control, it makes the dubious assertion that a labelled security model is harder to administer. While it is true that the tools for SELinux did not previously provide an easy way to change the specs for file labels, as I previously discussed the introduction of the semanage tool in Fedora Core 5 has changed all that. It is now trival to update file security label definitions. So at this time any problem with SELinux is not one of design or implementation, but rather documentation & awareness of the progress made in SELinux development over the past 2 years or so. To that end here are a selection of useful documentation resources

Perl bindings for libvirt

Posted: March 27th, 2006 | Filed under: libvirt, Virt Tools | 1 Comment »

I had a couple of hours spare, so I put together a set of Perl bindings
for libvirt. I’m currently calling the module Sys::Virt which seems to
be the most appropriate location in the CPAN namespace, but I’m open to
suggestions if people think that sucks. I’ve currently got near 100%
coverage of the C APIs, but not exposed all the static constants yet.
There are a couple of trivial example programs illustrating use of the
API for extracting info about domains.

For now you can grab a snapshot of the source for the binding using
Mercurial from the URL http://hg.berrange.com/libraries/sys-virt/. When I’ve tested it more completely I’ll upload it to CPAN.