Docs/Drafts/SELinux

= SELinux Guide =

Documentation Summary:
Purpose: How to accomplish specific tasks with SELinux in the desktop environment. This requires a major expansion of the content beyond the SELinux FAQ, which will be amalgamated into this guide in use case scenarios.

A user who finishes reading this guide should be able to:
 1) Understand how the Linux kernel, policy, and user tools work together to implement SELinux in Fedora
 2) Understand the differences and interactions between legacy UNIX access controls and SELinux
 3) Determine, set, and understand the operational mode of SELinux in a Fedora system
 4) Determine, set, and understand object and file labels
 5) Understand how to perform an automatic relabeling of a file system

Audience: Individuals who are unfamiliar with SELinux and who need to learn how to function in an environment with SELinux enabled.

Approach: This document explains basic principles one at a time. It assumes some familiarity with Linux/UNIX-specific terminology and concepts. Where appropriate, functionality is also compared to what the reader may know from other OSes, particularly Microsoft Windows.

Assumptions: The reader has a standard Desktop class installation of Fedora, including a user account with the default settings. The reader does have access to the root password. (We changed this "non-root access" assumption so that we can include more coverage of regular software updates and the installation of alternate packages and desktops.)

Related Documents: dramsey added the essence of a draft format outline with the following links:


 * SELinux
 * Understanding SELinux
 * Try this excellent Flash presentation by Red Hat SELinux developer, Dan Walsh
 * Multi Category Security/MCS
 * Multi Level Security/MLS
 * Loadable Modules
 * Fedora 13 - Managing Confined Services Guide
 * Policies -
   1) Discussion of Policies
   2) Policy Generation Tools
   3) SELinux Policy Grammar language
   4) Writing SE Linux policy HOWTO
 * Technology -
   1) An Overview of Object Classes and Permissions
   2) Integrating Flexible Support for Security Policies into the Linux Operating System (a history of Flask implementation in Linux)
   3) Implementing SELinux as a Linux Security Module
   4) A Security Policy Configuration for the Security-Enhanced Linux
 * User Guide -
   * Fedora 13 - Security-Enhanced Linux User Guide
 * The SELinux Notebook -
   1) The Foundations (Volume 1)
   2) Sample Policy Source (Volume 2)
 * FAQs -
   1) SELinux FAQs
   2) Fedora 13 - SELinux FAQ
 * Troubleshooting -
   1) SETroubleShoot
   2) Troubleshoot Tool
   3) Troubleshooting SELinux

Additional Web Site References -


 * Red Hat Enterprise Linux 6 - SELinux Guide
 * http://danwalsh.livejournal.com/
 * http://www.devshed.com/c/a/BrainDump/Demystifying-SELinux-on-Kernel-26/
 * http://james-morris.livejournal.com/
 * http://docs.fedoraproject.org/selinux-faq
 * http://selinuxnews.org/
 * http://www.tresys.com/education.php

NSA References -


 * NSA SELinux main website
 * NSA SELinux FAQ
 * NSA SELinux Research

History -


 * Quick history of Flask
 * Full background on Fluke

Recommended Textbook -


 * SELinux By Example: Using Security Enhanced Linux by Frank Mayer, Karl MacMillan, David Caplan - Prentice Hall, 2007

Possibly Dated Content References -


 * Confined Domains
 * SELinux Commands

Lead Writer:

Writers: MarcWiriadisastra

= Fedora SELinux Guide DRAFT =

Table of Contents

 * Introduction
 * SELinux - What is it
 * Software