Docs/Drafts/SELinux User Guide/SELinux Information Plan

= Phase 1: Information Planning =

Deliverables and Milestones

 * Information Plan: documents findings after the initial investigation is complete. Generates an idea about where the project is heading, and what it requires.


 * Project Plan: an estimation of the time and resources required to complete the project.

= Information Plan =

Information Sources

 * National Security Agency
 * Russell Coker: , Multi-Category Security in SELinux in Fedora Core 5, 
 * James Morris: Have You Driven an SELinux Lately?, An Overview of Multilevel Security and LSPP under Linux.
 * SELinux Symposium and Developer Summit
 * Fedora Core 3: Understanding and Customizing the Apache HTTP SELinux Policy (Beta Document)
 * What is Security-Enhanced Linux?
 * RHS429 course.
 * Taking advantage of SELinux in Red Hat® Enterprise Linux®
 * Current SELinux project documentation todo list.
 * Gentoo Wiki HOWTO Understand SELinux
 * SELinux Reference Policy
 * Introduction to Multilevel Security, Dr. Rick Smith.
 * Red Hat Enterprise Linux 5 Deployment Guide:
 * End User Control of SELinux.
 * Fedora Core 5 SELinux FAQ
 * Fedora SELinux/FAQ
 * Red Hat Enterprise Linux 4 SELinux Guide: Working with SELinux.
 * Mailing lists:  and .
 * IRC: #fedora-selinux and #selinux
 * fedora-selinux-list archives.
 * Fedora SELinux Wiki.
 * Blogs: , , and .
 * SELinux news.
 * SELinux webcast.
 * Confining Users.
 * Common Criteria Evaluation and Validation Scheme Validation Report
 * Risk report: Three years of Red Hat Enterprise Linux 4
 * Tresys (Mitigation News).
 * Integrating Flexible Support for Security Policies into the Linux Operating System.
 * Meeting Critical Security Objectives with Security-Enhanced Linux.

Purpose of the Documentation

 * Provide a short, simple introduction to access control (MAC, MLS, MCS), and SELinux.
 * Use examples to describe how SELinux operates (such as Apache HTTP server not reading user_home_t files).
 * Give users information needed to do what they want without turning SELinux off.
 * From the current SELinux documentation todo list, "Translate danwalsh.livejounal.com in to a beginner user guide".

Audience

 * Familiar with using a Linux computer and a command line.
 * No system administration experience is necessary; however, content may be geared towards system administration tasks.
 * No previous SELinux experience.
 * People who are never going to write their own SELinux policy.

What the Documentation Covers (in no particular order, and subject to change)
From the current SELinux documentation todo list:
 * Previous TOC Ideas
 * "Explain how to interpret an AVC message and how to get additional information via SYSCALL audit, including how to add a simple syscall audit filter to enable collection of PATH information".
 * Document Confined Users".
 * "Update FC5 FAQ".
 * "Document the use of the mount command for overriding file context".
 * "Describe Audit2allow and how it can just Fix the machine".
 * "Update and organize the Fedora SELinux FAQ".

-

SELinux Introduction:


 * Brief overview.
 * What SELinux can and can't do.
 * Examples to explain how SELinux works (e.g., Apache HTTP).

SELinux Contexts and Attributes:


 * Brief overview of objects, subjects, and object classes.
 * Explain each part of SELinux labels.

Targeted Policy Overview:


 * Confined and Unconfined processes.
 * Confined system and user domains.

Working with SELinux:


 * Installing and Upgrading packages.
 * Configuration Files.
 * Enable and Disable SELinux.
 * semanage: booleans, labeling files, adding users, translations.
 * Managing and Maintaining SELinux Labels.

Managing Users:


 * Linux and SELinux user account mappings.
 * Adding confined and unconfined users.
 * Modifying existing users.

System Services:


 * Examples, sharing content between services.

SELinux Log Files and Denials:


 * auditd and setroubleshoot.
 * Searching log files (ausearch).
 * Interpreting AVC Denials.
 * sealeart -l \*
 * What to check for after a denial (DAC permissions...)
 * audit2allow and audit2why.

Access Control


 * Concepts of DAC, MAC, Type Enforcement®, etc.

Working with MCS and MLS


 * Examples from domg472.

= Project Plan =

Schedule
Updated 30 September 2008 to reflect slip in Fedora 10 schedule.

Information Plan: July 14 -> July 24 (9 days)
Deliverables: Information Project Plans

Content Specification: July 25 -> August 14 (15 days)
Deliverables:
 * Individual publications that are planned for the final document. These publications are done on the Wiki. This occurs after extensive research into topics.
 * Table of contents.
 * Phase review: subject matter experts approve the plan or request modifications to content.

Implementation: August 15 -> November 8 (70 days)
Designs for style, prototype sections, first, second, and approved drafts, weekly reports sent to .

Localization and Production: November 16 -> November 24 (9 days)
Translation, preparing final copies/PDFs.

Evaluation: October 29 -> October 30 (1 day)

 * Evaluate the project.
 * Plan maintenance cycles.
 * Plan next release.

= Subject Matter Experts =
 * Daniel Walsh
 * James Morris
 * Eric Paris
 * domg472
 * Russell Coker
 * Stephen Smalley
 * Karl MacMillan
 * Joshua Brindle
 * Christopher J. PeBenito