Back in the Bullseye day’s I use to have a pretty sophisticated web application server where I ran three web applications fully compartmentalized with MCS When I moved to Bookworm I initially decided to no longer use these web applications. The setup was a bit on the heavy side. Each web application had its own […]

This functionality enables one to have entities log to specific log instances and it seems like a natural fit for MCS based separation. It required a few tweaks to dssp5-debian to get it to work. First I needed to ensure that LogNamespace logs are labeled, and stay labeled properly. This requires a bit of creative […]

I worked on improving support for the systemd.volatile=overlay functionality in dssp5-debian and its mkosi configurations. If you bootstrap Debian 12 using one of my mkosi configurations then it should work fine. You still have to set the systemd_volatile_overlay SELinux boolean to true in the systemdvolatileoverlaybooleanfile module because the root filesystem is then a tmpfs and […]