From Fedora Project Wiki
= Information Plan =


* [http://www.redhat.com/search?q=selinux&site=redhat_kbase&asp_charset=ISO-8859-1&filter=0&client=kbase&proxystylesheet=kbase&lr=lang_en Existing Red Hat Knowledgebase articles.]
 
* [http://www.nsa.gov/selinux/ National Security Agency]


== Purpose of the documentation ==

Revision as of 03:29, 20 January 2009

Information Plan

Purpose of the documentation

Provide administrators with a guide that details how to work with and manage confined services in Fedora 11. Documentation will cover:

  • a brief introduction to SELinux.
  • performing system administration tasks without turning SELinux off.
  • troubleshooting issues (including Red Hat Bugzilla and permissive domains).
  • allowing administrators to manage SELinux without employing someone else to do so.

Audience

System administrators.


Audience goals

Perform system administration tasks without turning SELinux off:

  • share files via Samba, FTP, NFS, and HTTP.
  • share files between multiple services.
  • manage BIND (for example, accept zone updates).
  • label files so that services can access them (semanage fcontext).
  • customize the ports services listen on (semanage port -a).
  • use non-default directories to store files for services.

Table of Contents ideas

{{{
1. Introduction
    - brief introduction to SELinux.
    - brief introduction to confined and unconfined services.

2. Apache HTTP Server
    - what httpd is and does.
  2.1. The Apache HTTP Server and SELinux
    - explain default behavior:
        * ports to listen on (http_port_t).
        * files/directories httpd can and cannot access.
  2.2. Types
    - how to list them.
    - defined types.
    - how to change them and when to change them (chcon, semanage).
  2.3. Booleans
    - how to list httpd related Booleans.
    - describe each Boolean.
    - getsebool and setsebool.
  2.4. Configuration examples
    - see man pages.
    - non-default directories for services.
    - customized port numbers.
    - sharing files.

Repeat #2 for Samba, FTP, NFS, BIND, etc...

X. Troubleshooting
}}}