< Docs | Drafts | Managing Confined Services
(adding content from trac) |
mNo edit summary |
||
| Line 2: | Line 2: | ||
* '''Existing Red Hat !KnowledgeBase articles:''' <http://www.redhat.com/search?q=selinux&site=redhat_kbase&asp_charset=ISO-8859-1&filter=0&client=kbase&proxystylesheet=kbase&lr=lang_en>. | * '''Existing Red Hat !KnowledgeBase articles:''' <http://www.redhat.com/search?q=selinux&site=redhat_kbase&asp_charset=ISO-8859-1&filter=0&client=kbase&proxystylesheet=kbase&lr=lang_en>. | ||
* [http://www.redhat.com/search?q=selinux&site=redhat_kbase&asp_charset=ISO-8859-1&filter=0&client=kbase&proxystylesheet=kbase&lr=lang_en Existing Red Hat Knowledgebase articles. | |||
* [http://www.nsa.gov/selinux/ National Security Agency] | |||
== Purpose of the documentation == | == Purpose of the documentation == | ||
| Line 7: | Line 11: | ||
Provide administrators with a guide that details how to work with and manage confined services in Fedora 11. Documentation will cover: | Provide administrators with a guide that details how to work with and manage confined services in Fedora 11. Documentation will cover: | ||
* brief introduction to SELinux. | |||
* performing system administration tasks without turning SELinux off. | |||
* troubleshoot issues (include Red Hat Bugzilla and permissive domains). | |||
* allow administrators to manage SELinux without employing someone else to do so. | |||
== Audience == | == Audience == | ||
| Line 21: | Line 25: | ||
Perform system administration tasks without turning SELinux off: | Perform system administration tasks without turning SELinux off: | ||
* share files via Samba, FTP, NFS, and HTTP. | |||
* share files between multiple services. | |||
* manage BIND (for example, accept zone updates). | |||
* label files so that services can access them (semanage fcontext). | |||
* customize the ports services listen on (semanage port -a). | |||
* use non-default directories to store files for services. | |||
== Table of Contents ideas == | == Table of Contents ideas == | ||
Revision as of 03:28, 20 January 2009
Information Plan
* Existing Red Hat !KnowledgeBase articles: <http://www.redhat.com/search?q=selinux&site=redhat_kbase&asp_charset=ISO-8859-1&filter=0&client=kbase&proxystylesheet=kbase&lr=lang_en>.
- [http://www.redhat.com/search?q=selinux&site=redhat_kbase&asp_charset=ISO-8859-1&filter=0&client=kbase&proxystylesheet=kbase&lr=lang_en Existing Red Hat Knowledgebase articles.
Purpose of the documentation
Provide administrators with a guide that details how to work with and manage confined services in Fedora 11. Documentation will cover:
- brief introduction to SELinux.
- performing system administration tasks without turning SELinux off.
- troubleshoot issues (include Red Hat Bugzilla and permissive domains).
- allow administrators to manage SELinux without employing someone else to do so.
Audience
System administrators.
Audience goals
Perform system administration tasks without turning SELinux off:
- share files via Samba, FTP, NFS, and HTTP.
- share files between multiple services.
- manage BIND (for example, accept zone updates).
- label files so that services can access them (semanage fcontext).
- customize the ports services listen on (semanage port -a).
- use non-default directories to store files for services.
Table of Contents ideas
{{{ 1. Introduction
- brief introduction to SELinux. - brief introduction to confined and unconfined services.
2. Apache HTTP Server - what httpd is and does. 2.1 The Apache HTTP Server and SELinux - explain default behavior: * ports to listen on (http_port_t). * files/directories httpd can and cannot access. 2.2. Types
- how to list them.
- defined types. - how to change them and when to change them (chcon, semanage).
2.3. Booleans - how to list httpd related Booleans. - describe each Boolean. - getsebool and setsebool.
2.4. Configuration examples - see man pages. - non-default directories for services. - customized port numbers. - sharing files.
Repeat #2 for Samba, FTP, NFS, BIND, etc...
X. Troubleshooting }}}