Security | marco.ninja

Copy & Paste Is Dangerous

Posts | 2023-10-07 (updated 2025-10-22) | 2 min read
#bash #security #writeup

Copy & paste from untrusted sources on the internet into the terminal is a really bad idea! Early in my career I did it too and still often see others doing it.

How SELinux screws with scripts when run over VMware Tools

Notes | 2021-08-08 (updated 2025-10-25) | 1 min read
#ansible #automation #linux #security #selinux #sysadmin #vmware

SELinux by default prohibits certain things from working through VMware tools (Ansible connection or plain API).

This can be solved two ways:

Disabling SELinux: BAD, but easy
Writing a custom SELinux policy: complicated but more secure

Note: Adding/Changing this policy through a VMware tools connection is thankfully possible

Example policy

This policy is the base for a VMware tools policy and allows entering the rpm context (yum).

module custom-vmtools 1.0;

require {
        type rpm_script_t;
        type vmtools_unconfined_t;
        class process transition;
}

#============= vmtools_unconfined_t ==============

allow vmtools_unconfined_t rpm_script_t:process transition