Docs/Drafts/SELinux

From FedoraProject

(Difference between revisions)
m (1 revision(s))
(Documentation Summary:)
 
(24 intermediate revisions by 3 users not shown)
Line 1: Line 1:
<pre>#!html
+
{{Draft}}
<font size="+1"></pre>
+
{{Admon/caution | TRANSLATORS | Please do not translate this document until it is checked into CVS. This document is undergoing very large changes in structure and content}}
 
= SELinux Guide =
 
= SELinux Guide =
<pre>#!html
 
</font></pre>
 
  
{| border="1"
+
{{Admon/tip | Contributions are welcomed!}}
|-
+
| {{Template:Warning}} '''THIS IS A DRAFT ONLY, FOR USE BY DOCUMENTATION WRITERS AND EDITORS. DO NOT RELY ON IT FOR ANY ADVICE UNTIL THIS NOTICE DISAPPEARS AND THE DOCUMENT IS PUBLISHED AS FINAL.'''
+
|}
+
 
+
{| border="1"
+
|-
+
| '''Contributions are welcomed!'''
+
|}
+
 
+
{| border="1"
+
|-
+
| {{Template:Warning}} '''TRANSLATORS: Please do not translate this document until it is checked into CVS. This document is undergoing very large changes in structure and content'''
+
|}
+
 
+
--------
+
'''Documentation Summary:'''
+
  
 +
==Documentation Summary:==
 
''Purpose'': How to accomplish specific tasks with SELinux in the desktop environment. This requires a major expansion of the content beyond the SELinux FAQ which will be amalgamated into this guide in use case scenarios.
 
''Purpose'': How to accomplish specific tasks with SELinux in the desktop environment. This requires a major expansion of the content beyond the SELinux FAQ which will be amalgamated into this guide in use case scenarios.
  
 
A user who finishes reading this guide should be able to:
 
A user who finishes reading this guide should be able to:
1. Understand how the Linux kernel, policy, and user tools work together to implement SELinux in Fedora
+
# Understand how the Linux kernel, policy, and user tools work together to implement SELinux in Fedora
2. Understand the differences and interactions between legacy UNIX access controls and SELinux
+
# Understand the differences and interactions between legacy UNIX access controls and SELinux
3. Determine, set, and understand the operational mode of SELinux in a Fedora system
+
# Determine, set, and understand the operational mode of SELinux in a Fedora system
4. Determine, set, and understand object and file labels
+
# Determine, set, and understand object and file labels
5. Understand how to perform an automatic relabeling of a file system
+
# Understand how to perform an automatic relabeling of a file system
 
+
  
 
''Audience'': Individuals who are unfamiliar with SELinux and who need to learn how to function in an environment with SELinux enabled.
 
''Audience'': Individuals who are unfamiliar with SELinux and who need to learn how to function in an environment with SELinux enabled.
Line 39: Line 21:
 
''Assumptions:'' The reader has a standard Desktop class installation of Fedora with, including a user account with the default settings. The reader '''does''' have access to the ''root'' password. (We changed this "non-root access" assumption so that we can include more coverage of regular software updates and the installation of alternate packages and desktops.)
 
''Assumptions:'' The reader has a standard Desktop class installation of Fedora with, including a user account with the default settings. The reader '''does''' have access to the ''root'' password. (We changed this "non-root access" assumption so that we can include more coverage of regular software updates and the installation of alternate packages and desktops.)
  
''Related Documents'':
+
''Related Documents'':  dramsey, added the essence of a draft format outline with the following links:
  
* [[Docs/Drafts/SELinux/SETroubleShoot| SETroubleShoot]]  
+
* [[SELinux|SELinux]]
* [[SELinux| SELinux]]  
+
* [[SELinux/Understanding|Understanding SELinux]]
 +
** [http://www.redhat.com/v/swf/SELinux/ Try this excellent Flash presentation by Red Hat SELinux developer, Dan Walsh]
 +
* [[SELinux/MCS|Multi Category Security/MCS]]
 +
* [[SELinux/MLS|Multi Level Security/MLS]]
 +
* [[SELinux/LoadableModules|Loadable Modules]]
 +
* [http://docs.fedoraproject.org/en-US/Fedora/13/html/Managing_Confined_Services/ Fedora 13 - Managing Confined Services Guide]
 +
* Policies -
 +
# [[SELinux/Policies|Discussion of Policies]]
 +
# [[SELinux/PolicyGenTools|Policy Generation Tools]]
 +
# [[Selinux_grammar|SELinux Policy Grammar language]]
 +
# [http://www.lurking-grue.org/writingselinuxpolicyHOWTO.html Writing SE Linux policy HOWTO]
 +
* Technology -
 +
# [http://www.tresys.com/selinux/obj_perms_help.html An Overview of Object Classes and Permissions]
 +
# [http://www.nsa.gov/research/_files/selinux/papers/selsymp2005.pdf Integrating Flexible Support for Security Policies into the Linux Operating System (a history of Flask implementation in Linux)]
 +
# [http://www.nsa.gov/research/_files/publications/implementing_selinux.pdf Implementing SELinux as a Linux Security Module]
 +
# [http://www.nsa.gov/research/_files/selinux/papers/policy/policy.shtml A Security Policy Configuration for the Security-Enhanced Linux]
 +
* User Guide -
 +
** [http://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/ Fedora 13 - Security-Enhanced Linux User Guide]
 +
* The SELinux Notebook -
 +
# [http://www.freetechbooks.com/efiles/selinuxnotebook/The_SELinux_Notebook_Volume_1_The_Foundations.pdf The Foundations (Volume 1)]
 +
# [http://www.freetechbooks.com/efiles/selinuxnotebook/The_SELinux_Notebook_Volume_2_Sample_Policy_Source.pdf Sample Policy Source (Volume 2)]
 +
* FAQs -
 +
# [http://fedoraproject.org/wiki/SELinux_FAQ SELinux FAQs]
 +
# [http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/ Fedora 13 - SELinux FAQ]
 +
* Troubleshooting -
 +
# [[Docs/Drafts/SELinux/SETroubleShoot|SETroubleShoot]]
 +
# [https://fedorahosted.org/setroubleshoot/ Troubleshoot Tool]
 +
# [[SELinux/Troubleshooting|Troubleshooting SELinux]]
 +
 
 +
Additional Web Site References -
 +
 
 +
* [http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/index.html Red Hat Enterprise Linux 6 - SELinux Guide]
 
* http://danwalsh.livejournal.com/
 
* http://danwalsh.livejournal.com/
 +
* http://www.devshed.com/c/a/BrainDump/Demystifying-SELinux-on-Kernel-26/
 
* http://james-morris.livejournal.com/
 
* http://james-morris.livejournal.com/
 
* http://docs.fedoraproject.org/selinux-faq
 
* http://docs.fedoraproject.org/selinux-faq
 
* http://selinuxnews.org/
 
* http://selinuxnews.org/
* http://www.nsa.gov/selinux/
+
* http://www.tresys.com/education.php
 +
 
 +
NSA References -
 +
 
 +
* [http://www.nsa.gov/selinux/ NSA SELinux main website]
 +
* [http://www.nsa.gov/research/selinux/faqs.shtml NSA SELinux FAQ]
 +
* [http://www.nsa.gov/research/selinux/ NSA SELinux Research]
 +
 
 +
History -
 +
 
 +
* [http://www.cs.utah.edu/flux/fluke/html/flask.html Quick history of Flask]
 +
* [http://www.cs.utah.edu/flux/fluke/html/index.html Full background on Fluke]
 +
 
 +
Recommended Textbook -
 +
 
 +
* [http://www.selinuxbyexample.com/ SELinux By Example: Using Security Enhanced Linux] by Frank Mayer, Karl MacMillan, David Caplan - Prentice Hall, 2007
 +
 
 +
Possibly Dated Content References -
 +
 
 +
* [[SELinux/Domains|Confined Domains]]
 +
* [[SELinux/Commands|SELinux Commands]]
  
 
''Lead Writer:''
 
''Lead Writer:''
  
 
''Writers'': MarcWiriadisastra
 
''Writers'': MarcWiriadisastra
 
  
 
--------
 
--------
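Review bot: the new "''Related Documents'':" line carries the editor note "dramsey, added the essence of a draft format outline with the following links:" in the page body. That attribution belongs in the edit summary, and the label should stay a plain "''Related Documents'':" lead-in for the list that follows. Most of the added external links use plain http:// (docs.fedoraproject.org, www.nsa.gov, www.tresys.com) while the fedorahosted.org link already uses https://; prefer https:// wherever the host serves it. The unchanged ''Assumptions'' line in this hunk still reads "installation of Fedora with, including a user account", which could be corrected in the same edit.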
Line 63: Line 96:
 
* [[Docs/Drafts/SELinux/WhatIsIt| SELinux - What is it]]  
 
* [[Docs/Drafts/SELinux/WhatIsIt| SELinux - What is it]]  
 
* [[Docs/Drafts/SELinux/Software| Software]]
 
* [[Docs/Drafts/SELinux/Software| Software]]
 +
 +
[[Category:SELinux docs]]

Latest revision as of 00:44, 29 December 2010

This page is a draft only
It is still under construction and content may change. Do not rely on the information on this page.
TRANSLATORS
Please do not translate this document until it is checked into CVS. This document is undergoing very large changes in structure and content


SELinux Guide

Contributions are welcomed!

Documentation Summary:

Purpose: How to accomplish specific tasks with SELinux in the desktop environment. This requires a major expansion of the content beyond the SELinux FAQ which will be amalgamated into this guide in use case scenarios.

A user who finishes reading this guide should be able to:

  1. Understand how the Linux kernel, policy, and user tools work together to implement SELinux in Fedora
  2. Understand the differences and interactions between legacy UNIX access controls and SELinux
  3. Determine, set, and understand the operational mode of SELinux in a Fedora system
  4. Determine, set, and understand object and file labels
  5. Understand how to perform an automatic relabeling of a file system

Audience: Individuals who are unfamiliar with SELinux and who need to learn how to function in an environment with SELinux enabled.

Approach: This document explains basic principles by explaining one principle at a time. The document assumes some familiarity with Linux/UNIX-specific terminology or concepts. Functionality is also compared, where appropriate, to what the reader may know from other OSes, particularly Microsoft Windows.

Assumptions: The reader has a standard Desktop class installation of Fedora, including a user account with the default settings. The reader does have access to the root password. (We changed this "non-root access" assumption so that we can include more coverage of regular software updates and the installation of alternate packages and desktops.)

Related Documents: dramsey, added the essence of a draft format outline with the following links:

  • Policies -
  1. Discussion of Policies
  2. Policy Generation Tools
  3. SELinux Policy Grammar language
  4. Writing SE Linux policy HOWTO
  • Technology -
  1. An Overview of Object Classes and Permissions
  2. Integrating Flexible Support for Security Policies into the Linux Operating System (a history of Flask implementation in Linux)
  3. Implementing SELinux as a Linux Security Module
  4. A Security Policy Configuration for the Security-Enhanced Linux
  • The SELinux Notebook -
  1. The Foundations (Volume 1)
  2. Sample Policy Source (Volume 2)
  • FAQs -
  1. SELinux FAQs
  2. Fedora 13 - SELinux FAQ
  • Troubleshooting -
  1. SETroubleShoot
  2. Troubleshoot Tool
  3. Troubleshooting SELinux

Additional Web Site References -

NSA References -

History -

Recommended Textbook -

Possibly Dated Content References -

Lead Writer:

Writers: MarcWiriadisastra


Fedora SELinux Guide DRAFT

Table of Contents