Ubuntu 25.10 Will Ship with the Linux 6.17 Kernel

Day-by-day we’re learning more on what to expect in Ubuntu 25.10 ‘Questing Quokka’, the next short-term release of Ubuntu due for release in October. Today, Canonical’s Kleber Souza, member of the Ubuntu Kernel Team, confirmed the plan is to ship the Linux 6.17 kernel in Ubuntu 25.10 – barring any unforeseen upstream hiccups, of course. As we’re yet to see the release of the Linux 6.15 kernel, and 6.16 is yet to enter development, committing to a version so far out may seem a bit optimistic. But it tracks. Last year Canonical made a major change to its kernel cadence […]

You're reading Ubuntu 25.10 Will Ship with the Linux 6.17 Kernel, a blog post from OMG! Ubuntu. Do not reproduce elsewhere without permission.

Continue ReadingUbuntu 25.10 Will Ship with the Linux 6.17 Kernel

Fortifying Debian With SELinux by Enforcing Mandatory Access Control for Ultimate System Security

Fortifying Debian With SELinux by Enforcing Mandatory Access Control for Ultimate System Security

In an era where cyber threats are evolving rapidly, securing Linux systems goes far beyond basic user permissions. Traditional security mechanisms like Discretionary Access Control (DAC) offer limited safeguards against privilege escalation, compromised applications, and insider threats. To address these limitations, Security-Enhanced Linux (SELinux) offers a powerful, fine-grained framework for Mandatory Access Control (MAC) — and it's not just for Red Hat-based distributions anymore.

In this article, we'll explore how to integrate SELinux into Debian, one of the most widely used and respected GNU/Linux distributions. We'll break down its architecture, setup procedures, policy management, and troubleshooting techniques. Whether you're running a mission-critical server or seeking to harden your desktop environment, this guide will show you how SELinux can elevate your system security to enterprise-grade standards.

Understanding the Foundations of SELinux

What Is SELinux?

SELinux is a kernel security module initially developed by the United States National Security Agency (NSA) in collaboration with the open-source community. It introduces the concept of mandatory access controls by enforcing policy-based rules that strictly define how processes and users can interact with files, directories, sockets, and devices.

Unlike DAC, where file owners control access, MAC policies are imposed by the system administrator and enforced by the kernel, regardless of user ownership or permissions.

Core Components of SELinux
  • Subjects: Active entities (usually processes).

  • Objects: Passive entities (like files, directories, devices).

  • Contexts: Security labels assigned to subjects and objects.

  • Types/Domains: Used to define access rules and behavior.

  • Policies: Written rulesets that determine access control logic.

Enforcement Modes
  • Enforcing: SELinux policies are applied and violations are blocked.

  • Permissive: Policies are not enforced, but violations are logged.

  • Disabled: SELinux is turned off entirely.

SELinux on Debian: A Reality Check

Debian has traditionally favored AppArmor for its simplicity and ease of integration. However, SELinux support is fully present in Debian’s repositories. As of Debian 12 (Bookworm) and later, integrating SELinux is more streamlined and better documented than ever.

Continue ReadingFortifying Debian With SELinux by Enforcing Mandatory Access Control for Ultimate System Security