1 views collected around this technical thread.
After CentOS 7 reaches end‑of‑life on June 30 2024, this guide explains why you must migrate, outlines three essential pre‑migration preparations, and provides detailed step‑by‑step commands to upgrade first to AlmaLinux 8 and then to AlmaLinux 9, including post‑migration checks and common pitfalls.
This guide walks through a comprehensive Linux hardening checklist for RHEL7, covering account locking, password policies, SSH port changes, SELinux activation, firewall tightening, and file attribute protections to elevate the system to a B1 security level.
This guide shows how to use Ansible to automate Linux sysctl parameter tuning, manage SELinux policies, and configure filesystem mount points, providing step‑by‑step examples and code snippets that simplify operations and improve system stability and security.
This guide details practical Linux hardening steps—including disabling SELinux, trimming startup services, applying the principle of least privilege, configuring sudo, synchronizing time, adjusting file descriptor limits, locking critical files, disabling ping, optimizing SSH, changing hostnames, and preventing destructive rm commands—to improve security and stability in production deployments.
The article explains how dynamically loaded dex files are optimized on Android 5.0 through 12—detailing AOT compilation via dex2oat, profile‑guided filters, runtime‑filter flags, class‑loader contexts, SELinux limits, and the use of PathClassLoader or the PMS performDexOptSecondary command to achieve performance comparable to installed APKs.
The article explains how a MySQL 5.7 service fails to start on a CentOS 7.9 server because SELinux blocks write access to err.log, walks through log inspection, strace tracing, SELinux context analysis, and provides a simple fix by disabling SELinux.
The article explains the Linux Security Module (LSM) framework, detailing its origins, hook‑based architecture, kernel integration points, initialization process, and how it enables flexible, non‑intrusive security enhancements such as SELinux, allowing multiple security modules to coexist within the Linux kernel.
This article investigates the Android dex2oat compilation restrictions introduced for targetSdkVersion ≥ 29, analyzes their impact on app performance, explores SELinux enforcement, and presents a practical solution using system commands and binder calls to trigger dex2oat compilation for both primary and secondary APKs, improving load and runtime speed.
This technical article investigates the Android 10+ dex2oat limitation that blocks app‑initiated compilation, analyzes its SELinux enforcement, and presents a practical solution using system commands and binder calls to trigger dex2oat for both primary and secondary APKs, achieving significant load‑time and runtime improvements.
The article explains SELinux’s origins, core architecture, mandatory access control mechanisms such as type enforcement and MLS, and how Android incorporates SELinux as SEAndroid—detailing its evolution from permissive to enforcing mode, policy file structure, Android O’s split policies, and example domain and object transitions.
This article explains how SELinux enforces mandatory access control on Linux, describes its three modes, shows how to view and modify SELinux contexts for MySQL processes and data directories, and provides step‑by‑step commands to add custom paths, logs, PID files, and ports while preserving system security.
This article provides a comprehensive tutorial on Docker's advanced security mechanisms, covering user namespace isolation, SELinux integration, PID limiting, and various kernel security tools, complete with command‑line demonstrations and configuration details for secure container deployments.
This guide explains how to permanently disable SELinux, temporarily change its mode, and provides a comprehensive tutorial on using iptables—including table concepts, basic commands, rule management, scripting, NAT configuration, and saving/restoring firewall rules—on Red Hat/CentOS Linux.