Design/SELinuxConfig

From FedoraProject

< Design(Difference between revisions)
Jump to: navigation, search
(SELinux Managed Objects)
 
(9 intermediate revisions by one user not shown)
Line 1: Line 1:
 +
{{header|design}}
 +
= Current UI =
 +
 +
Flat navigation between the following tabs:
 +
* [[Design/SELinuxConfig#Status | Status]]
 +
* [[Design/SELinuxConfig#Boolean | Boolean]]
 +
* [[Design/SELinuxConfig#File_Labeling | File Labeling]]
 +
* [[Design/SELinuxConfig#User_Mapping | User Mapping]]
 +
* [[Design/SELinuxConfig#SELinux_User | SELinux User]]
 +
* [[Design/SELinuxConfig#Translation | Translation]]
 +
* [[Design/SELinuxConfig#Network_Port | Network Port]]
 +
* [[Design/SELinuxConfig#Policy_Module | Policy Module]]
 +
* [[Design/SELinuxConfig#Process_Domain | Process Domain]]
 +
 +
== Screenshots ==
 +
 +
=== Status ===
 +
[[Image:sysconfig-selinux-screenshot-status.png]]
 +
 +
=== Boolean ===
 +
[[Image:sysconfig-selinux-screenshot-boolean.png]]
 +
 +
=== File Labeling ===
 +
[[Image:sysconfig-selinux-screenshot-filelabels.png]]
 +
 +
=== User Mapping ===
 +
[[Image:sysconfig-selinux-screenshot-usermapping.png]]
 +
 +
=== SELinux User===
 +
[[Image:sysconfig-selinux-screenshot-selinuxuser.png]]
 +
 +
=== Translation ===
 +
[[Image:sysconfig-selinux-screenshot-translation.png]]
 +
 +
=== Network Port ===
 +
[[Image:sysconfig-selinux-screenshot-networkports.png]]
 +
 +
=== Policy Module ===
 +
[[Image:sysconfig-selinux-screenshot-policymods.png]]
 +
 +
=== Process Domain ===
 +
[[Image:sysconfig-selinux-screenshot-procdoms.png]]
 +
 
= Mockup Proposal 1 =
 
= Mockup Proposal 1 =
  
Line 4: Line 47:
  
 
* SELinux Configuration:
 
* SELinux Configuration:
** current enforcing mode / default enforcing mode
+
** current enforcing mode / default enforcing mode / policy provider / current policy (advanced)
** policy provider
+
** current policy
+
 
** policy modules
 
** policy modules
 
** booleans
 
** booleans
Line 18: Line 59:
 
Mockup source:
 
Mockup source:
 
[[Media:sysconfig-selinux-mocks1_source.svg]]
 
[[Media:sysconfig-selinux-mocks1_source.svg]]
 +
 +
 +
== SELinux Configuration ==
 +
 +
=== General ===
 +
[[Image:sysconfig-selinux-general.png]]
 +
 +
=== Policy Modules ===
 +
[[Image:sysconfig-selinux-policymods.png]]
 +
(in progress)
 +
 +
=== Booleans ===
 +
[[Image:sysconfig-selinux-bools.png]]
 +
(in progress)
 +
 +
=== Security Levels ===
 +
[[Image:sysconfig-selinux-seclevels.png]]
 +
(in progress)
  
 
== SELinux Managed Objects ==
 
== SELinux Managed Objects ==
Line 33: Line 92:
  
 
=== Processes ===
 
=== Processes ===
 +
Issues:
 +
* It's not actually displaying all process domains but a rough guess at them.
 +
* Domains which are defined as permissive in a policy module not name <domain>_Permissive will be displayed as enforcing.
 +
 +
The idea of permissive domains is to turn SELinux off for some things but not everything.
 
[[Image:sysconfig-selinux-procs.png]]
 
[[Image:sysconfig-selinux-procs.png]]
  

Latest revision as of 20:42, 26 August 2013

Artwork ArtTeamProjects WikiDesign ArtTeamN1.png

Contents

[edit] Current UI

Flat navigation between the following tabs:

[edit] Screenshots

[edit] Status

Sysconfig-selinux-screenshot-status.png

[edit] Boolean

Sysconfig-selinux-screenshot-boolean.png

[edit] File Labeling

Sysconfig-selinux-screenshot-filelabels.png

[edit] User Mapping

Sysconfig-selinux-screenshot-usermapping.png

[edit] SELinux User

Sysconfig-selinux-screenshot-selinuxuser.png

[edit] Translation

Sysconfig-selinux-screenshot-translation.png

[edit] Network Port

Sysconfig-selinux-screenshot-networkports.png

[edit] Policy Module

Sysconfig-selinux-screenshot-policymods.png

[edit] Process Domain

Sysconfig-selinux-screenshot-procdoms.png

[edit] Mockup Proposal 1

Gist of the changes - split the tabs into two main sections - SELinux configuration, and SELinux managed objects:

  • SELinux Configuration:
    • current enforcing mode / default enforcing mode / policy provider / current policy (advanced)
    • policy modules
    • booleans
    • security levels
  • SELinux Managed Objects:
    • files
    • users (integration of selinux users & user mappings)
    • network ports
    • processes

Mockup source: Media:sysconfig-selinux-mocks1_source.svg


[edit] SELinux Configuration

[edit] General

Sysconfig-selinux-general.png

[edit] Policy Modules

File:Sysconfig-selinux-policymods.png (in progress)

[edit] Booleans

File:Sysconfig-selinux-bools.png (in progress)

[edit] Security Levels

File:Sysconfig-selinux-seclevels.png (in progress)

[edit] SELinux Managed Objects

[edit] Files

Sysconfig-selinux-files.png

[edit] Users

Sysconfig-selinux-users.png

[edit] Network Ports

Sysconfig-selinux-ports.png

[edit] Processes

Issues:

  • It's not actually displaying all process domains but a rough guess at them.
  • Domains which are defined as permissive in a policy module not name <domain>_Permissive will be displayed as enforcing.

The idea of permissive domains is to turn SELinux off for some things but not everything. Sysconfig-selinux-procs.png

[edit] Mockup Proposal 2

Keep the tabs flat as they are today, integrating the two user-related tabs, but make the tabs go straight across.