From Fedora Project Wiki
< SELinux
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
{{draft}} | {{draft}} | ||
== Motivation == | |||
Having proper guidelines how to ship own SELinux module in a product RPM package and how to remove it from distribution SELinux Policy. | |||
== Benefits == | |||
* Fedora Distribution policy reflects the latest features of those products so that users have a positive experience while being secured. | |||
* More SELinux features and adoptions in future. | |||
* More portable distribution policy for various platforms | |||
* Proper guidelines for product package maintainers. This includes: Fedora Package guidelines. | |||
* Cockpit, Docker, OpenStack teams ship own policies and these policies are not part of our distribution policy. | |||
== Resources == | == Resources == | ||
Revision as of 16:27, 16 December 2016
This page is a draft only
It is still under construction and content may change. Do not rely on the information on this page.
It is still under construction and content may change. Do not rely on the information on this page.
Motivation
Having proper guidelines how to ship own SELinux module in a product RPM package and how to remove it from distribution SELinux Policy.
Benefits
- Fedora Distribution policy reflects the latest features of those products so that users have a positive experience while being secured.
- More SELinux features and adoptions in future.
- More portable distribution policy for various platforms
- Proper guidelines for product package maintainers. This includes: Fedora Package guidelines.
- Cockpit, Docker, OpenStack teams ship own policies and these policies are not part of our distribution policy.
Resources
SELinux in general
- https://docs.fedoraproject.org/en-US/Fedora/25/html/SELinux_Users_and_Administrators_Guide/index.html
- https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/SELinux_Users_and_Administrators_Guide/
- https://mgrepl.wordpress.com/2016/11/01/selinux-security-policy-part1-is-it-a-magic/
- https://mgrepl.wordpress.com/2016/11/29/selinux-security-policy-part2-labels/
- https://mgrepl.wordpress.com/2016/12/13/selinux-security-policy-part-3-lables-in-action/
Why is SELinux useful
- https://lvrabec-selinux.rhcloud.com/wp-content/uploads/2016/08/slides-deck-6-7-9.html#/
- http://danwalsh.livejournal.com/71396.html
- https://www.youtube.com/watch?v=Ysshrh4aGOs&t=3s
- http://lvrabec-selinux.rhcloud.com/wp-content/uploads/2016/11/openAlt_proactive_security.pdf
- http://lvrabec-selinux.rhcloud.com/wp-content/uploads/2016/11/LinuxDays.pdf
- https://mgrepl.wordpress.com/2015/11/04/cve-2015-5602-and-selinux/
Writing own Policy module
- https://mgrepl.fedorapeople.org/Presentations/WritingSELinuxPolicy.pdf
- https://mgrepl.wordpress.com/2015/05/20/how-to-create-a-new-initial-policy-using-sepolicy-generate-tool/
Shipping own SELinux module
- https://lvrabec-selinux.rhcloud.com/2016/09/19/creating-local-module-quickly-in-cil/
- https://lvrabec-selinux.rhcloud.com/2016/08/17/how-to-quickly-modify-selinux-module-from-distro-policy/
- https://lvrabec-selinux.rhcloud.com/2015/12/01/troubles-with-custom-selinux-modules/
- https://lvrabec-selinux.rhcloud.com/2015/07/07/how-to-create-selinux-product-policy/
- https://plautrba.fedorapeople.org/blok/Fedora-SELinux-module-packaging.html
- https://mgrepl.wordpress.com/2015/07/31/cil-part2-module-priorities/