m (internal link cleaning) |
(20 intermediate revisions by one other user not shown) | |||
Line 21: | Line 21: | ||
''Assumptions:'' The reader has a standard Desktop class installation of Fedora with, including a user account with the default settings. The reader '''does''' have access to the ''root'' password. (We changed this "non-root access" assumption so that we can include more coverage of regular software updates and the installation of alternate packages and desktops.) | ''Assumptions:'' The reader has a standard Desktop class installation of Fedora with, including a user account with the default settings. The reader '''does''' have access to the ''root'' password. (We changed this "non-root access" assumption so that we can include more coverage of regular software updates and the installation of alternate packages and desktops.) | ||
''Related Documents'': | ''Related Documents'': dramsey, added the essence of a draft format outline with the following links: | ||
* [[SELinux|SELinux]] | * [[SELinux|SELinux]] | ||
* [[ | * [[SELinux/Understanding|Understanding SELinux]] | ||
* [http:// | ** [http://www.redhat.com/v/swf/SELinux/ Try this excellent Flash presentation by Red Hat SELinux developer, Dan Walsh] | ||
* [ | * [[SELinux/MCS|Multi Category Security/MCS]] | ||
* [ | * [[SELinux/MLS|Multi Level Security/MLS]] | ||
* [[SELinux/LoadableModules|Loadable Modules]] | |||
* [http://docs.fedoraproject.org/en-US/Fedora/13/html/Managing_Confined_Services/ Fedora 13 - Managing Confined Services Guide] | * [http://docs.fedoraproject.org/en-US/Fedora/13/html/Managing_Confined_Services/ Fedora 13 - Managing Confined Services Guide] | ||
* [[Selinux_grammar|SELinux Policy Grammar language]] | * Policies - | ||
# [[SELinux/Policies|Discussion of Policies]] | |||
# [[SELinux/PolicyGenTools|Policy Generation Tools]] | |||
# [[Selinux_grammar|SELinux Policy Grammar language]] | |||
# [http://www.lurking-grue.org/writingselinuxpolicyHOWTO.html Writing SE Linux policy HOWTO] | |||
* Technology - | |||
# [http://www.tresys.com/selinux/obj_perms_help.html An Overview of Object Classes and Permissions] | |||
# [http://www.nsa.gov/research/_files/selinux/papers/selsymp2005.pdf Integrating Flexible Support for Security Policies into the Linux Operating System (a history of Flask implementation in Linux)] | |||
# [http://www.nsa.gov/research/_files/publications/implementing_selinux.pdf Implementing SELinux as a Linux Security Module] | |||
# [http://www.nsa.gov/research/_files/selinux/papers/policy/policy.shtml A Security Policy Configuration for the Security-Enhanced Linux] | |||
* User Guide - | |||
** [http://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/ Fedora 13 - Security-Enhanced Linux User Guide] | |||
* The SELinux Notebook - | |||
# [http://www.freetechbooks.com/efiles/selinuxnotebook/The_SELinux_Notebook_Volume_1_The_Foundations.pdf The Foundations (Volume 1)] | |||
# [http://www.freetechbooks.com/efiles/selinuxnotebook/The_SELinux_Notebook_Volume_2_Sample_Policy_Source.pdf Sample Policy Source (Volume 2)] | |||
* FAQs - | |||
# [[SELinux_FAQ|SELinux FAQs]] | |||
# [http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/ Fedora 13 - SELinux FAQ] | |||
* Troubleshooting - | |||
# [[Docs/Drafts/SELinux/SETroubleShoot|SETroubleShoot]] | |||
# [https://fedorahosted.org/setroubleshoot/ Troubleshoot Tool] | |||
# [[SELinux/Troubleshooting|Troubleshooting SELinux]] | |||
Additional Web Site References - | |||
* [http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/index.html Red Hat Enterprise Linux 6 - SELinux Guide] | |||
* http://danwalsh.livejournal.com/ | * http://danwalsh.livejournal.com/ | ||
* http://www.devshed.com/c/a/BrainDump/Demystifying-SELinux-on-Kernel-26/ | |||
* http://james-morris.livejournal.com/ | * http://james-morris.livejournal.com/ | ||
* http://docs.fedoraproject.org/selinux-faq | * http://docs.fedoraproject.org/selinux-faq | ||
* http://selinuxnews.org/ | * http://selinuxnews.org/ | ||
* http://www.nsa.gov/selinux/ | * http://www.tresys.com/education.php | ||
NSA References - | |||
* [http://www.nsa.gov/selinux/ NSA SELinux main website] | |||
* [http://www.nsa.gov/research/selinux/faqs.shtml NSA SELinux FAQ] | |||
* [http://www.nsa.gov/research/selinux/ NSA SELinux Research] | |||
History - | |||
* [http://www.cs.utah.edu/flux/fluke/html/flask.html Quick history of Flask] | |||
* [http://www.cs.utah.edu/flux/fluke/html/index.html Full background on Fluke] | |||
Recommended Textbook - | |||
* [http://www.selinuxbyexample.com/ SELinux By Example: Using Security Enhanced Linux] by Frank Mayer, Karl MacMillan, David Caplan - Prentice Hall, 2007 | |||
Possibly Dated Content References - | |||
* [[SELinux/Domains|Confined Domains]] | |||
* [[SELinux/Commands|SELinux Commands]] | |||
''Lead Writer:'' | ''Lead Writer:'' | ||
''Writers'': MarcWiriadisastra | ''Writers'': MarcWiriadisastra | ||
-------- | -------- |
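Review bot: In the new column, the `#` items placed under `* Policies -`, `* Technology -`, `* The SELinux Notebook -`, `* FAQs -` and `* Troubleshooting -` do not nest under those bullets. MediaWiki only nests a list item when its prefix extends the parent's, so each `#` run ends the bulleted list and starts a separate top-level numbered list; use `*#` (or `**`, as the hunk already does under `* User Guide -`) so the sub-items stay attached to their heading. The `''Related Documents'':` line also gains the editor note "dramsey, added the essence of a draft format outline with the following links:" in the page body, which belongs in the edit summary or on the talk page. Several of the added links are plain `http://` and pinned to Fedora 13 documentation, so they are worth checking for a current HTTPS target before the outline is built on them.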
Latest revision as of 13:50, 18 September 2016
SELinux Guide
Documentation Summary:
Purpose: How to accomplish specific tasks with SELinux in the desktop environment. This requires a major expansion of the content beyond the SELinux FAQ, which will be amalgamated into this guide as use case scenarios.
A user who finishes reading this guide should be able to:
- Understand how the Linux kernel, policy, and user tools work together to implement SELinux in Fedora
- Understand the differences and interactions between legacy UNIX access controls and SELinux
- Determine, set, and understand the operational mode of SELinux in a Fedora system
- Determine, set, and understand object and file labels
- Understand how to perform an automatic relabeling of a file system
Audience: Individuals who are unfamiliar with SELinux and who need to learn how to function in an environment with SELinux enabled.
Approach: This document explains basic principles one at a time. It assumes some familiarity with Linux/UNIX-specific terminology or concepts. Functionality is also compared, where appropriate, to what the reader may know from other OSes, particularly Microsoft Windows.
Assumptions: The reader has a standard Desktop class installation of Fedora, including a user account with the default settings. The reader does have access to the root password. (We changed this "non-root access" assumption so that we can include more coverage of regular software updates and the installation of alternate packages and desktops.)
Related Documents: dramsey added the essence of a draft format outline with the following links:
- SELinux
- Understanding SELinux
- Multi Category Security/MCS
- Multi Level Security/MLS
- Loadable Modules
- Fedora 13 - Managing Confined Services Guide
- Policies -
  - Discussion of Policies
  - Policy Generation Tools
  - SELinux Policy Grammar language
  - Writing SE Linux policy HOWTO
- Technology -
  - An Overview of Object Classes and Permissions
  - Integrating Flexible Support for Security Policies into the Linux Operating System (a history of Flask implementation in Linux)
  - Implementing SELinux as a Linux Security Module
  - A Security Policy Configuration for the Security-Enhanced Linux
- User Guide -
  - Fedora 13 - Security-Enhanced Linux User Guide
- The SELinux Notebook -
  - The Foundations (Volume 1)
  - Sample Policy Source (Volume 2)
- FAQs -
  - SELinux FAQs
  - Fedora 13 - SELinux FAQ
- Troubleshooting -
  - SETroubleShoot
  - Troubleshoot Tool
  - Troubleshooting SELinux
Additional Web Site References -
- Red Hat Enterprise Linux 6 - SELinux Guide
- http://danwalsh.livejournal.com/
- http://www.devshed.com/c/a/BrainDump/Demystifying-SELinux-on-Kernel-26/
- http://james-morris.livejournal.com/
- http://docs.fedoraproject.org/selinux-faq
- http://selinuxnews.org/
- http://www.tresys.com/education.php
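NSA References -
- NSA SELinux main website
- NSA SELinux FAQ
- NSA SELinux Research
History -
- Quick history of Flask
- Full background on Fluke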
Recommended Textbook -
- SELinux By Example: Using Security Enhanced Linux by Frank Mayer, Karl MacMillan, David Caplan - Prentice Hall, 2007
Possibly Dated Content References -
- Confined Domains
- SELinux Commands
Lead Writer:
Writers: MarcWiriadisastra