Design/SELinuxConfig

From FedoraProject

< Design(Difference between revisions)
Jump to: navigation, search
(Processes)
(6 intermediate revisions by one user not shown)
Line 1: Line 1:
 +
= Current UI =
 +
 +
Flat navigation between the following tabs:
 +
* [[Design/SELinuxConfig#Status | Status]]
 +
* [[Design/SELinuxConfig#Boolean | Boolean]]
 +
* [[Design/SELinuxConfig#File_Labeling | File Labeling]]
 +
* [[Design/SELinuxConfig#User_Mapping | User Mapping]]
 +
* [[Design/SELinuxConfig#SELinux_User | SELinux User]]
 +
* [[Design/SELinuxConfig#Translation | Translation]]
 +
* [[Design/SELinuxConfig#Network_Port | Network Port]]
 +
* [[Design/SELinuxConfig#Policy_Module | Policy Module]]
 +
* [[Design/SELinuxConfig#Process_Domain | Process Domain]]
 +
 +
== Screenshots ==
 +
 +
=== Status ===
 +
[[Image:sysconfig-selinux-screenshot-status.png]]
 +
 +
=== Boolean ===
 +
[[Image:sysconfig-selinux-screenshot-boolean.png]]
 +
 +
=== File Labeling ===
 +
[[Image:sysconfig-selinux-screenshot-filelabels.png]]
 +
 +
=== User Mapping ===
 +
[[Image:sysconfig-selinux-screenshot-usermapping.png]]
 +
 +
=== SELinux User===
 +
[[Image:sysconfig-selinux-screenshot-selinuxuser.png]]
 +
 +
=== Translation ===
 +
[[Image:sysconfig-selinux-screenshot-translation.png]]
 +
 +
=== Network Port ===
 +
[[Image:sysconfig-selinux-screenshot-networkports.png]]
 +
 +
=== Policy Module ===
 +
[[Image:sysconfig-selinux-screenshot-policymods.png]]
 +
 +
=== Process Domain ===
 +
[[Image:sysconfig-selinux-screenshot-procdoms.png]]
 +
 
= Mockup Proposal 1 =
 
= Mockup Proposal 1 =
  
Line 49: Line 91:
  
 
=== Processes ===
 
=== Processes ===
 +
Issues:
 +
* It's not actually displaying all process domains but a rough guess at them.
 +
* Domains which are defined as permissive in a policy module not name <domain>_Permissive will be displayed as enforcing.
 +
 +
The idea of permissive domains is to turn SELinux off for some things but not everything.
 
[[Image:sysconfig-selinux-procs.png]]
 
[[Image:sysconfig-selinux-procs.png]]
(in progress)
 
  
 
= Mockup Proposal 2 =
 
= Mockup Proposal 2 =
  
 
Keep the tabs flat as they are today, integrating the two user-related tabs, but make the tabs go straight across.
 
Keep the tabs flat as they are today, integrating the two user-related tabs, but make the tabs go straight across.

Revision as of 14:56, 17 July 2009

Contents

Current UI

Flat navigation between the following tabs:

Screenshots

Status

Sysconfig-selinux-screenshot-status.png

Boolean

Sysconfig-selinux-screenshot-boolean.png

File Labeling

Sysconfig-selinux-screenshot-filelabels.png

User Mapping

Sysconfig-selinux-screenshot-usermapping.png

SELinux User

Sysconfig-selinux-screenshot-selinuxuser.png

Translation

Sysconfig-selinux-screenshot-translation.png

Network Port

Sysconfig-selinux-screenshot-networkports.png

Policy Module

Sysconfig-selinux-screenshot-policymods.png

Process Domain

Sysconfig-selinux-screenshot-procdoms.png

Mockup Proposal 1

Gist of the changes - split the tabs into two main sections - SELinux configuration, and SELinux managed objects:

  • SELinux Configuration:
    • current enforcing mode / default enforcing mode / policy provider / current policy (advanced)
    • policy modules
    • booleans
    • security levels
  • SELinux Managed Objects:
    • files
    • users (integration of selinux users & user mappings)
    • network ports
    • processes

Mockup source: Media:sysconfig-selinux-mocks1_source.svg


SELinux Configuration

General

Sysconfig-selinux-general.png

Policy Modules

File:Sysconfig-selinux-policymods.png (in progress)

Booleans

File:Sysconfig-selinux-bools.png (in progress)

Security Levels

File:Sysconfig-selinux-seclevels.png (in progress)

SELinux Managed Objects

Files

Sysconfig-selinux-files.png

Users

Sysconfig-selinux-users.png

Network Ports

Sysconfig-selinux-ports.png

Processes

Issues:

  • It's not actually displaying all process domains but a rough guess at them.
  • Domains which are defined as permissive in a policy module not name <domain>_Permissive will be displayed as enforcing.

The idea of permissive domains is to turn SELinux off for some things but not everything. Sysconfig-selinux-procs.png

Mockup Proposal 2

Keep the tabs flat as they are today, integrating the two user-related tabs, but make the tabs go straight across.