This page is a draft only
It is still under construction and content may change. Do not rely on the information on this page.

TRANSLATORS
Please do not translate this document until it is checked into CVS. This document is undergoing very large changes in structure and content

SELinux Guide

Contributions are welcomed!

Documentation Summary:

Purpose: How to accomplish specific tasks with SELinux in the desktop environment. This requires a major expansion of the content beyond the SELinux FAQ which will be amalgamated into this guide in use case scenarios.

A user who finishes reading this guide should be able to:

1. Understand how the Linux kernel, policy, and user tools work together to implement SELinux in Fedora
2. Understand the differences and interactions between legacy UNIX access controls and SELinux
3. Determine, set, and understand the operational mode of SELinux in a Fedora system
4. Determine, set, and understand object and file labels
5. Understand how to perform an automatic relabeling of a file system

Audience: Individuals who are unfamiliar with SELinux and who need to learn how to function in an environment with SELinux enabled.

Approach: This document explains basic principles by explaining one principle at a time. The document assumes some familiarity with Linux/UNIX-specific terminology or concepts. Functionality is also compared, where appropriate, to what the reader may know from other OSes, particularly Microsoft Windows.

Assumptions: The reader has a standard Desktop class installation of Fedora with, including a user account with the default settings. The reader does have access to the root password. (We changed this "non-root access" assumption so that we can include more coverage of regular software updates and the installation of alternate packages and desktops.)

Related Documents:

• SELinux
• Understanding SELinux
  • Try this excellent Flash presentation by Red Hat SELinux developer, Dan Walsh
• Multi Category Security/MCS
• Multi Level Security/MLS
• Loadable Modules
• Fedora 13 - Managing Confined Services Guide
• Policies -

1. Discussion of Policies
2. Policy Generation Tools
3. SELinux Policy Grammar language
4. Writing SE Linux policy HOWTO

• Technology -

1. An Overview of Object Classes and Permissions
2. Integrating Flexible Support for Security Policies into the Linux Operating System (a history of Flask implementation in Linux)
3. Implementing SELinux as a Linux Security Module
4. A Security Policy Configuration for the Security-Enhanced Linux

• User Guide -
  • Fedora 13 - Security-Enhanced Linux User Guide
• The SELinux Notebook -

1. The Foundations (Volume 1)
2. Sample Policy Source (Volume 2)

• FAQs -

1. SELinux FAQs
2. Fedora 13 - SELinux FAQ

• Troubleshooting -

1. SETroubleShoot
2. Troubleshoot Tool
3. Troubleshooting SELinux

Additional Web Site References -

• Red Hat Enterprise Linux 6 - SELinux Guide
• http://danwalsh.livejournal.com/
• http://www.devshed.com/c/a/BrainDump/Demystifying-SELinux-on-Kernel-26/
• http://james-morris.livejournal.com/
• http://docs.fedoraproject.org/selinux-faq
• http://selinuxnews.org/
• http://www.tresys.com/education.php

NSA References -

• NSA SELinux main website
• NSA SELinux FAQ
• NSA SELinux Research

History -

• Quick history of Flask
• Full background on Fluke

Recommended Textbook -

• SELinux By Example: Using Security Enhanced Linux by Frank Mayer, Karl MacMillan, David Caplan - Prentice Hall, 2007

Possibly Dated Content References -

• Confined Domains
• SELinux Commands

Lead Writer:

Writers: MarcWiriadisastra

Fedora SELinux Guide DRAFT

Table of Contents

• Introduction
• SELinux - What is it
• Software