From Fedora Project Wiki

< Docs‎ | Drafts

m (internal link cleaning)
 
(3 intermediate revisions by one other user not shown)
Line 21: Line 21:
''Assumptions:'' The reader has a standard Desktop class installation of Fedora with, including a user account with the default settings. The reader '''does''' have access to the ''root'' password. (We changed this "non-root access" assumption so that we can include more coverage of regular software updates and the installation of alternate packages and desktops.)
''Assumptions:'' The reader has a standard Desktop class installation of Fedora with, including a user account with the default settings. The reader '''does''' have access to the ''root'' password. (We changed this "non-root access" assumption so that we can include more coverage of regular software updates and the installation of alternate packages and desktops.)


''Related Documents'':
''Related Documents'':  dramsey, added the essence of a draft format outline with the following links:


* [[SELinux|SELinux]]
* [[SELinux|SELinux]]
Line 29: Line 29:
* [[SELinux/MLS|Multi Level Security/MLS]]
* [[SELinux/MLS|Multi Level Security/MLS]]
* [[SELinux/LoadableModules|Loadable Modules]]
* [[SELinux/LoadableModules|Loadable Modules]]
** [http://docs.fedoraproject.org/en-US/Fedora/13/html/Managing_Confined_Services/ Fedora 13 - Managing Confined Services Guide]
* [http://docs.fedoraproject.org/en-US/Fedora/13/html/Managing_Confined_Services/ Fedora 13 - Managing Confined Services Guide]
* Policies -
* Policies -
# [[SELinux/Policies|Discussion of Policies]]
# [[SELinux/Policies|Discussion of Policies]]
Line 46: Line 46:
# [http://www.freetechbooks.com/efiles/selinuxnotebook/The_SELinux_Notebook_Volume_2_Sample_Policy_Source.pdf Sample Policy Source (Volume 2)]
# [http://www.freetechbooks.com/efiles/selinuxnotebook/The_SELinux_Notebook_Volume_2_Sample_Policy_Source.pdf Sample Policy Source (Volume 2)]
* FAQs -
* FAQs -
# [http://fedoraproject.org/wiki/SELinux_FAQ SELinux FAQs]
# [[SELinux_FAQ|SELinux FAQs]]
# [http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/ Fedora 13 - SELinux FAQ]
# [http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/ Fedora 13 - SELinux FAQ]
* Troubleshooting -
* Troubleshooting -
Line 55: Line 55:
Additional Web Site References -
Additional Web Site References -


* [http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/index.html Red Hat Enterprise Linux 6 - SELinux Guide]
* http://danwalsh.livejournal.com/
* http://danwalsh.livejournal.com/
* http://www.devshed.com/c/a/BrainDump/Demystifying-SELinux-on-Kernel-26/
* http://www.devshed.com/c/a/BrainDump/Demystifying-SELinux-on-Kernel-26/

Latest revision as of 13:50, 18 September 2016

Warning.png
This page is a draft only
It is still under construction and content may change. Do not rely on the information on this page.
Stop (medium size).png
TRANSLATORS
Please do not translate this document until it is checked into CVS. This document is undergoing very large changes in structure and content

SELinux Guide

Idea.png
Contributions are welcomed!

Documentation Summary:

Purpose: How to accomplish specific tasks with SELinux in the desktop environment. This requires a major expansion of the content beyond the SELinux FAQ which will be amalgamated into this guide in use case scenarios.

A user who finishes reading this guide should be able to:

  1. Understand how the Linux kernel, policy, and user tools work together to implement SELinux in Fedora
  2. Understand the differences and interactions between legacy UNIX access controls and SELinux
  3. Determine, set, and understand the operational mode of SELinux in a Fedora system
  4. Determine, set, and understand object and file labels
  5. Understand how to perform an automatic relabeling of a file system

Audience: Individuals who are unfamiliar with SELinux and who need to learn how to function in an environment with SELinux enabled.

Approach: This document explains basic principles by explaining one principle at a time. The document assumes some familiarity with Linux/UNIX-specific terminology or concepts. Functionality is also compared, where appropriate, to what the reader may know from other OSes, particularly Microsoft Windows.

Assumptions: The reader has a standard Desktop class installation of Fedora with, including a user account with the default settings. The reader does have access to the root password. (We changed this "non-root access" assumption so that we can include more coverage of regular software updates and the installation of alternate packages and desktops.)

Related Documents: dramsey, added the essence of a draft format outline with the following links:

  1. Discussion of Policies
  2. Policy Generation Tools
  3. SELinux Policy Grammar language
  4. Writing SE Linux policy HOWTO
  • Technology -
  1. An Overview of Object Classes and Permissions
  2. Integrating Flexible Support for Security Policies into the Linux Operating System (a history of Flask implementation in Linux)
  3. Implementing SELinux as a Linux Security Module
  4. A Security Policy Configuration for the Security-Enhanced Linux
  1. The Foundations (Volume 1)
  2. Sample Policy Source (Volume 2)
  • FAQs -
  1. SELinux FAQs
  2. Fedora 13 - SELinux FAQ
  • Troubleshooting -
  1. SETroubleShoot
  2. Troubleshoot Tool
  3. Troubleshooting SELinux

Additional Web Site References -

NSA References -

History -

Recommended Textbook -

Possibly Dated Content References -

Lead Writer:

Writers: MarcWiriadisastra


Fedora SELinux Guide DRAFT

Table of Contents