My list of must-see sessions at Red Hat Summit 2016

The Red Hat Summit starts this week in San Francisco, and a few folks asked me about the sessions that they shouldn’t miss. The schedule can be overwhelming for first-timers and it can be difficult at times to discern the technical sessions from the ones that are more sales-oriented. If you’re in San Francisco, and you want to learn a bit more about using Ansible to manage OpenStack environments, come to the session that I am co-presenting with Robyn Bergeron: When flexibility met simplicity: The friendship of OpenStack and Ansible.

New SELinux shirts are available

With the upcoming Red Hat Summit 2016 in San Francisco almost upon us, I decided to update the old SELinux shirts with two new designs. You can buy these now over at Spreadshirt! There are styles there for men and women and I’ve priced them as low as the store will allow. Spreadshirt is also running a sale for 15% off T-shirts until June 21st with the code TSHIRT16. Let’s make SELinux enforcing again!

Research Paper: Securing Linux Containers

It seems like there’s a new way to run containers every week. The advantages and drawbacks of each approach are argued about on mailing lists, in IRC channels, and in person, around the world. However, the largest amount of confusion seems to be around security.

Launching secure containers

I’ve written about launching secure containers on this blog many times before:

Launch secure LXC containers on Fedora 20 using SELinux and sVirt
Improving LXC template security
Try out LXC with an Ansible playbook
CoreOS vs.

Allow new windows to steal focus in GNOME 3

GNOME 3 generally works well for me but it has some quirks. One of those quirks is that new windows don’t actually pop up on the screen with focus as they do in Windows and OS X. When opening a new window, you get a “[Windowname] is ready” notification. My preference is for new windows to pop in front and steal focus. I can see why that’s not the default since it might cause you to type something in another window where you weren’t expecting to.

Improving LXC template security

I’ve been getting involved with the Fedora Security Team lately and we’re working as a group to crush security bugs that affect Fedora, CentOS (via EPEL) and Red Hat Enterprise Linux (via EPEL). During some of this work, I stumbled upon a group of Red Hat Bugzilla tickets talking about LXC template security. The gist of the problem is that there’s a wide variance in how users and user credentials are handled by the different LXC templates.