I had to change my sound device settings to stop this annoyance.
@MRW5154 жыл бұрын
lol
@SirWolf20183 жыл бұрын
Actually, in the Accessibility settings you can *Turn on mono audio*, but still annoying!
@7xr1e20ln83 жыл бұрын
Holy moly I didn't know What the Math guy was into SELinux lol
@leonardoespinosa37963 жыл бұрын
I found the solution: Watched it all over again with the headphones switched over sides =P
@pkaramol5 жыл бұрын
The presentation is fantastic. But what's with Red Hat refusing to adopt the stereo technology?
@akashpsajeev17714 жыл бұрын
Apparently they've dropped support for it in this release even though they supported it before.
@paulwebster98443 жыл бұрын
It was in stereo. The presenter was only ever on the left side of the video
@SirWolf20183 жыл бұрын
@@paulwebster9844 You do realize that's not helping us?
@paulwebster98443 жыл бұрын
@@SirWolf2018 Apologies. My definition of "humour" seems to be lop-sided too.
@SirWolf20183 жыл бұрын
@@paulwebster9844 Sorry, I wasn't in the right mood to appreciate humor at that time. Please ignore what I said.
@RyanEstep58776 жыл бұрын
Hands down. The best explanation that I have ever heard. Thanks.
@Chris-Christopher-3 жыл бұрын
The guy's belt ruined it for me.
@zXHAcKeRzXz3 жыл бұрын
semi-heard*
@sefirotsama3 жыл бұрын
The most informative and complete SE linux talk I've seen. Very good of your time. Good presenter.
@daniel2801875 жыл бұрын
What a great presentation!!. It definitely changed my way of looking at SELinux and it will anyone struggling to understand those key concepts. I will share this video with my colleagues. Thanks for sharing.
@orbotik4 жыл бұрын
Saved my butt. Followed along, CLI examples so helpful. No SELinux disables here!
@011azr3 жыл бұрын
Just a tips for Windows user out there. Press the windows button and then type "Ease of access audio settings". In the "Turn on mono audio", toggle the button to change it to "On". You're very welcome ;)
@Trippykiyay3 жыл бұрын
Best SElinux presentation i have ever seen. THANK YOU!
@dundydunker2 жыл бұрын
This was one of the most helpful presentations. Knowing now that selinux provides errors with solutions is a life changer for me!
@carrycat876 Жыл бұрын
All you really need to understand SE Linux - This was very helpful thank you 🙏
@forbinplanet99003 жыл бұрын
Concise, clear and very very useful! I used what I learned here to clear up a problem that I'd been trying to solve for weeks.
@zXHAcKeRzXz3 жыл бұрын
Technically speaking the audio is KZbin fault. When you submit it mono audio video (logical when you've recorded with only one mic), YT convert it to stereo but only feed one channel. So yeah it's weird I suggest that they develop mono audio support to stream just the original mono audio without converting it. And I suggest for the audio engine of every OS to automatically reproduce the sound of feeded channel to non feeded channel automatically (Like if you use 5.1 on a 7.1 or 2.1 on a 5.1 or whatever, no speakers should be left unused, it's annoying)
@kimvette13 жыл бұрын
Third-party classes like I've taken for RHEL 5-7 keep selinux obfuscated and overcomplicate the instructions --- I suspect because they don't understand it themselves so they treat it like voodoo. Thank you for breaking it down like this!
@ThomasCameron11 ай бұрын
You're very welcome.
@robertochieng17053 жыл бұрын
this video moved me to SELinux guru. I had no clue what SELinux no matter how much I read
@kellyp14402 жыл бұрын
This is awesome - watched this and fixed a problem that had been bugging me for days :)
@louiehernandez78213 жыл бұрын
Thank you for the breakdown of SE Linux. Very super helpful.
@example1013 жыл бұрын
REDHAT DOCS AND SUMMIT SPEAKERS ARE AWESOME.
@TirajAdikari9 ай бұрын
Thank you. Your experience shows in the way you have explained difficult subject in such an easy manner.
@BenThatOneGuy4 жыл бұрын
Fantastic explanation. This is a top tier presentation on one of the harder things to learn about linux admin work.
@ThinAung-y8eАй бұрын
Do we have updated presentation for RHEL8 / 9?
@Oswee3 жыл бұрын
This is so fantastic talk! Made many great notes.
@richard_ackad4 жыл бұрын
Very interesting and constructive presentation.
@MubarakAlrashidi5 жыл бұрын
You made it so easy. Thanks
@ahmadatef64843 ай бұрын
Anybody has an idea where can I find those slides?
@vieldcs3 жыл бұрын
Long tutorial, but very usful to me. Thumb up.
@Kuvaldis19836 ай бұрын
Perfect!!! Thanks for such an easy-to-understand approach!!!
@JamesSusanka8 ай бұрын
I find it funny that corporations are so worried about security but yet will force employees to run Windows as their desktop when that is about the worse thing you can run on your desktop.
@GregTheHun2 жыл бұрын
Can't seem to find the presentation file for this anymore, anyone have a link to get it?
Does the SELinux labels do anything in a system that isn't using SELinux? So, if I physically remove the hard disk from a system protected by SELinux and mount it on a system that doesn't use SELinux, will the labels still protect the home folder of the user who chmod 777'd all his files or will I be able to read them because only DAC is active then? The second, right?
@KifKrokerАй бұрын
SELinux can't protect you when its not in use, if you break out the hdd you can read the data. If you disable selinux it will also not protect you anymore ...
@RyanEstep58779 ай бұрын
I need you to explain all of RHEL
@neptronix2 жыл бұрын
Great talk, thank you!!
@TiagoJoaoSilva3 жыл бұрын
Great presentation, but IMO, having to use "permissive" and policy modules looks like a failure in the concept of SELinux. Having to 'spray and pray' instead of fixing from first principles shows, to me, that the first principles are not very well thought-out.
@ThomasCameron11 ай бұрын
Generally, SELinux works fine with software which is included with the distro. It's mostly when you start to use non-SELinux aware apps from third parties where it can get in your way. I hope that this helped you in those cases.
@SunsetGraffiti26 күн бұрын
Very helpful and demystifying!
@ramendersingh30725 жыл бұрын
if a system is compromised and the attacker has root access then selinux is useless. How does selinux prevent attack?
@kuhluhOG4 жыл бұрын
well, if a service (Let's say a webserver) is being run as root and a hacker takes control of that service, without SELinux, your are done with SELinux, he may have "root-access", but not all the privileges because he still runs for example a shell as a child-process of the webserver
@SergePavlovsky2 жыл бұрын
what will attacker do with root access? connect somewhere and run shell? selinux will deny it
@joejavacavalier20012 жыл бұрын
I've seen PHP based sites get compromised and PHP files over written. I've tried to simulate such an attack on Fedora. There are separate context types to allow and deny Apache and PHP-FPM from overwriting other code files.
@zakmire69254 жыл бұрын
Does anyone know if SELinux can cause connectivity issue for F5 health check for Apache servers
@Departure48856 жыл бұрын
Great video!
@slopedoff4 жыл бұрын
nice presentation, Tomas Cameron but why do you use armitage? to track down logs from mailserver? at which point, can anyone clear this out? ty
@ThomasCameron10 ай бұрын
Sorry, I just now saw this. Armitage is just the name of the server I built the examples on. It's a character from the Neruomancer novel by William Gibson.
@antonfernando84092 жыл бұрын
Does ubuntu 20.04 use seclinux stuff?
@elabeddhahbi33014 жыл бұрын
I wanna know why people still can read the /etc/passwd when they find rce
@modo42112 жыл бұрын
19:00 : Is installing setroubleshoot and setroubleshoot-server not recommended in production environments? If so why?
@ThomasCameron11 ай бұрын
You want to keep your production environment as thin as possible. You should use those tools in a dev/test environment and replicate the problem there.
@OrdenJust Жыл бұрын
I am unclear on something. If you see from the logs that SELinux is blocking something, how do you know you should "fix" that by allowing the access? Maybe the "denied" or "prevented" messages should not be "fixed", because denying is exactly the right thing to do.
@ThomasCameron11 ай бұрын
I talked about that. Just because something is blocked doesn't mean that it's a problem. You may be doing something wrong. If you know that you're doing something right, I talk about how to make changes via booleans or semanage fcontext. If you're not clear, feel free to ask questions, I'll help out however I can. Cheers!
@OrdenJust11 ай бұрын
@@ThomasCameron Thank you for this reply. For what it is worth, I rarely know that I am doing something right. :)
@amitkhulbe3 жыл бұрын
I am a lefty and naturally have more control and strength on left. But today my right side has the power of configuring selinux and left is lagging!!
@timleungck5 жыл бұрын
if an attacker compromises the web server and able to exploit the OS and gain root privilege. Can SELinux stop the root user from doing malicious activity? This is a chicken and egg problem for me, since root should have access to modify the SELinux policy, but we also wanna stop attacker from modify the SELinux policy even if they get root access. Can this problem be solved at this level? Or we need some hardware to help us?
@timleungck5 жыл бұрын
www.coker.com.au/selinux/play.html Here's a server with root UID=0 but have restricted access, how can this happen?
@oliverford5367 Жыл бұрын
The Web server shouldn't run as root, but as a limited user
@qinmishu12 күн бұрын
very helpful
@tylerjames31593 жыл бұрын
Video Timestamp: @24:44 ~~~ NAME="CentOS Stream" VERSION="8" ~~~ It would seem that this file location no longer exists as shown here. /etc/selinux/targeted/m* ## dir does not exist From my research, you can find booleans.local under /var/lib/selinux/targeted/active/ It appears to contain the same information.
@entropy79 Жыл бұрын
Fantastic :)
@tilopanaropamarpa4 жыл бұрын
Please improve sound recording, please
@LiveWireBT3 жыл бұрын
SE Linux: Built for NSA requirements. »Um it throws errors and we are lazy, so we turn it off. « Also: Oracle DB, built for NSA requirements. »We have to hire special administrators for that! It's important!« No double standards here, move on.
@iainkay3630Ай бұрын
Could not watch with audio in one ear.
@MohammadHusain5 жыл бұрын
Awesome!
@bog98673 жыл бұрын
Great
@sealivezentrum2 жыл бұрын
For anyone not knowing this: If you expect it to be secure bear in mind that SElinus also has e.g. timing attacks purposefully build in by certain groups of interest
@meladath51812 жыл бұрын
The fact that you need a 43 minute lecture on how to "not turn it off" is why everyone turns it off.
@vickyrfirmansyah3 жыл бұрын
fak , i thought my headset is broken
@joseguzman2243 жыл бұрын
i just clicked the play button and I decided that I am out, can't deal with this left ear audio.
@edgarmatzinger97422 жыл бұрын
Title: _"How does selinux work?"_ It doesn't. It's a pain in the behind.
@oliverford5367 Жыл бұрын
But it secures the system. So a vulnerability in say apache or nginx doesn't lead to full compromise
@edgarmatzinger9742 Жыл бұрын
@@oliverford5367Selinux does *NOT* prevent anything like that.
@oliverford5367 Жыл бұрын
@@edgarmatzinger9742 It does surely? It limits would an nginx server running malicious code could access.
@edgarmatzinger9742 Жыл бұрын
@@oliverford5367 And how would you get nginx to run that _"malicious code?"_ If you're able to use crafted urls to run such code or access incorrect/prohibited data, selinux is not going to help you. I'm all for hardening a linux system. When designing a system, security must be built-in. And is selinux the last part to configure. IMHO selinux is poorly build and has lousy logging. Audit2why produces useless information like "unable to access subsystem." OK, and now what? And this is after setting up the necessary contexts and booleans... Yes, I could've tried to create a new policy. But that doesn't tell me why things don't work. And is nothing more than a workaround.
@mysticgoose2 жыл бұрын
Setenforce 0
@quittobaccotoday Жыл бұрын
I'd rather have nix package manager than selinux on my Fedora desktop. And apparently you can't have both.
@jacksondaniels0074 жыл бұрын
I really needed this presented just the way you did, this was a really great/clear explanation. The fact that you were able to make this make sense to me of all people, proves you deserve as many gold stars Red Hat can shower down on you.
@PaulZyCZ5 жыл бұрын
There is something wrong with audio in the recording, I hear only left-ear channel (had to open it in VLC).
@theboomshadow5 жыл бұрын
Oh my gosh, Thank you! That fixed the problem for me.
@NeerajSainiTheBoss4 жыл бұрын
thanks!!!! switching to mono fixed it
@AndrewElmore4 жыл бұрын
I just assumed that my headphones had stopped working.
@parkasat4 жыл бұрын
how do you open it in vlc?
@OnlajnIdentitet4 жыл бұрын
@@parkasat * Media/Open Network Stream... (paste KZbin video URL in the Network tab) When video starts to play, go to to * Audio/Stereo Mode (select Mono)
@Worscht30003 жыл бұрын
selinux prevented /bin/rightear from listening good information :) Thanks for the tricks managing basic stuff, will def write that down to my stay lazy notes
@marekbubenik15563 жыл бұрын
Great presentation! I finally know how to deal with SELinux, haha. Thank you
@hvanmegen3 жыл бұрын
oh, you mean by typing 'echo SELINUX=disabled > /etc/selinux/config ; shutdown -r now' ? 🤣
@abhishekshah115 жыл бұрын
I finally understand this. Thank you!
@daveeasterly24706 жыл бұрын
An easier way to find the regular expression you need to change the context on your /foor/bar/ web content directory is to run `man semanage-fcontext` and jump down to the "EXAMPLES." Try `man -k semanage` to find some more related documentation. And to really get your hardcore nerd on, try this : `yum -y install selinux-policy-doc ; mandb ; man -k _selinux` and you'll find docs that explain the relevant contexts and booleans in pages like "httpd_selinux" and "sshd_selinux" and so on.
@ThomasCameron5 жыл бұрын
That's a good idea, I'm totally stealing it. ;-)
@daveeasterly24704 жыл бұрын
@@ThomasCameron Hope Bezos is treating you well, sir! Big loss for RH when you left. You rock.
@loneosama15 жыл бұрын
This was really good presentation. My friend had explained me a bit on SE linux earlier so this was a good step up from that
@FlorisApon3 жыл бұрын
On Windows 10: Ease of Access > Audio > Turn on mono audio You're welcome
@Rickety32633 жыл бұрын
Preparing for my comptia linux certification... Watched through beginning to end... now I will be re-creating each of these examples in my lab. This is awesome thank you
@tobyhdr5 жыл бұрын
Awesome presentation, thank you!
@paulwoods40943 жыл бұрын
Fantastic presentation, learned lot from this, gives me some ideas of how to go about fixing issues with SELinux.
@leknyzma5 жыл бұрын
you clearly know what you are doing. hats down
@nafasm5 жыл бұрын
Thanks Thomas it's really nice presentation
@ThomasCameron5 жыл бұрын
My pleasure, thanks for the kind words.
@ContantContact2 жыл бұрын
Dating yourself via Novell certified? I am an OS/2 and OS/2 Warp certified engineer. That didn't age well, with the predatory MS in town....
@ThomasCameron11 ай бұрын
We're old, partner.
@hugopfeffer41752 жыл бұрын
setsebool -P right_side_headphone on
@spaceman117X3 жыл бұрын
After spending couple of hours testing every example from this video, and fixing SEL issues on authorized_keys file, i feel like I get some new superpower. The feeling is PRICELESS!
@ThomasCameron11 ай бұрын
💙
@OthmanAlikhan3 жыл бұрын
Thanks for the video =)
@densidad132 жыл бұрын
Just by seeing this I made sense of much of system admin stuff I've been exposed as a linux newcomer over the last year. To be honest is does seem rather easy to have this security layer. I'll try to install it in my system.
@carpetedrestroom52182 жыл бұрын
my left ear enjoyed that
@iraytrace2 жыл бұрын
This is a great video presentation. Sad I didn't find this 3.5 years ago.
@jacobchmielowiec44702 жыл бұрын
This is gold.
@JimTTang3 ай бұрын
Excellent presentation skill! I don't use SELinux in the workplace but I'm confident to say I can handle basic situations by restorecon and semanage. Brovo, very nice presentation!
@stanleyogadachinedu23 күн бұрын
It's been 6 years now, But I still don't understand SELINUX 😂
@RootsterAnon8 күн бұрын
This video perfectly summary of what SEL is.
@Tiller1990 Жыл бұрын
gold. always fixed selinux bugs with stackoverflow and crossed fingers, not anymore
@tilopanaropamarpa4 жыл бұрын
Painful to listen to however great the content.
@narayanbhat32795 жыл бұрын
i could only hear my lelt speaker of mac firing towards me
@cessposter3 жыл бұрын
m e r e m o r t a l s
@michaelplaczek93852 жыл бұрын
my left ear enjoyed this alot
@arzoo825 жыл бұрын
My right ear feels rejected.
@kr0w0352 жыл бұрын
My right ear still needs to learn about se linux
@nickprokopets4042 Жыл бұрын
Perfect. Thanks.
@takis-t4 жыл бұрын
Thanks a lot. Very helpful! I want selinux into a debian based distro please 😭
@kuhluhOG4 жыл бұрын
they are going for AppArmor instead
@takis-t4 жыл бұрын
@@kuhluhOG I know. I have already did a thesis for comparison between them. But blacklisting in apparmror is not as good and as developoed as in selinux
@Moodyhammer5 жыл бұрын
Perfect thank you heaps
@MegaBratella5 жыл бұрын
Рахмет!
@jhonsantana84004 ай бұрын
It was great!
@thangnguyenmanh Жыл бұрын
Great presentation
@stevep42094 жыл бұрын
sometimes i reverse my headphones so the right side of my brain understands SELinux too.
@kj-marslander3 жыл бұрын
use SoundFixer FF extension to switch to mono and fix the sound
@drooplug Жыл бұрын
Came across this topic today in Redhat Academy. This presentation was really helpful.
@MrRafu83 Жыл бұрын
I have been watching this video so many times that I almost know it by memory, now SELinux is starting to make more sense for me :)
@JeffreyFuCa3 жыл бұрын
Awesome presentation. But it requires more hands on experiences to understand what he is trying to sell.