Author: pfrields

Update of /cvs/fedora/web/html/docs/selinux-faq-fc5
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18935

Modified Files:
index.php
Log Message:
Added it translation and updated en_US to newest build

View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.5 -r 1.6 index.php

Index: index.php
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-faq-fc5/index.php,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- index.php 28 Apr 2006 19:37:48 -0000 1.5
+++ index.php 6 Jun 2006 19:28:13 -0000 1.6
@@ -1,3423 +1,20 @@ <? - include("site.inc"); + $template = new Page; -$template->initCommon(); +$template->initCommon(); + $template->displayHeader(); ?> +<h1>SELinux FAQ for Fedora Core 5</h1> -<div class="article" lang="en"> -<div class="titlepage"> -<div> -<div><h1 class="title"> -<a name="selinux-faq"></a>Fedora Core 5 SELinux FAQ</h1></div> -<div><div class="authorgroup"> -<div class="author"><h3 class="author"> -<span class="firstname">Karsten</span> <span class="surname">Wade</span> -</h3></div> -<div class="author"><h3 class="author"> -<span class="firstname">Chad</span> <span class="surname">Sellers</span> -</h3></div> -</div></div> -<div><p class="othercredit"><span class="firstname">Francesco</span> <span class="surname">Tombolini</span></p></div> -<div><p class="copyright">Copyright © 2004, 2005 Red Hat, Inc., Karsten Wade</p></div> -<div><p class="copyright">Copyright © 2006 Chad Sellers, Paul W. Frields</p></div> -<div><div class="legalnotice"> -<a name="legalnotice"></a><p> - Copyright (c) 2006 by Red Hat, Inc. and others. This material may be - distributed only subject to the terms and conditions set forth in the Open - Publication License, v1.0, available at <a href="http://www.opencontent.org/openpub/" target="_top">http://www.opencontent.org/openpub/</a>. - </p> -<p> - Garrett LeSage created the admonition graphics (note, tip, important, caution, - and warning). Tommy Reynolds <code class="email"><<a href="mailto:Tommy.Reynolds@xxxxxxxxxxxxx">Tommy.Reynolds@xxxxxxxxxxxxx</a>></code> - created the callout graphics. They all may be freely redistributed with - documentation produced for the Fedora Project. -</p> -<p> - FEDORA, FEDORA PROJECT, and the Fedora Logo are trademarks of Red Hat, Inc., - are registered or pending registration in the U.S. and other countries, and - are used here under license to the Fedora Project. -</p> -<p> - Red Hat and the Red Hat "Shadow Man" logo are registered trademarks of Red Hat, Inc. 
- in the United States and other countries. -</p> -<p> - All other trademarks and copyrights referred to are the property of their - respective owners. -</p> -</div></div> -<div><div class="revhistory"><table border="1" width="100%" summary="Revision history"> -<tr><th align="left" valign="top" colspan="3"><b>Revision History</b></th></tr> -<tr> -<td align="left">Revision 1.5.6</td> -<td align="left">2006-04-28</td> -<td align="left">CS</td> -</tr> -<tr><td align="left" colspan="3"> - <p> - Fix for bz #18727, bz#139744, bz#144696, bz#147915, and - bz#190181; other fixes, including from - http://fedoraproject.org/wiki/SELinux/FAQ/ProposedAdditions - </p> - </td></tr> -<tr> -<td align="left">Revision 1.5.5</td> -<td align="left">2006-04-07</td> -<td align="left">KW</td> -</tr> -<tr><td align="left" colspan="3"> - <p> - Fix for bz #188219; legal notice fix. - </p> - </td></tr> -<tr> -<td align="left">Revision 1.5.4</td> -<td align="left">2006-03-21</td> -<td align="left">CS</td> -</tr> -<tr><td align="left" colspan="3"> - <p> - Updated log file location for FC5 release, added targeted - domains FAQ - </p> - </td></tr> -<tr> -<td align="left">Revision 1.5.3</td> -<td align="left">2006-03-21</td> -<td align="left">CS</td> -</tr> -<tr><td align="left" colspan="3"> - <p> - Numerous content updates for FC5 release - </p> - </td></tr> -<tr> -<td align="left">Revision 1.5.2</td> -<td align="left">2006-02-10</td> -<td align="left">PWF</td> -</tr> -<tr><td align="left" colspan="3"> - <p> - Make admonition more easily maintainable - </p> - </td></tr> -<tr> -<td align="left">Revision 1.5.1</td> -<td align="left">2006-02-05</td> -<td align="left">PWF</td> -</tr> -<tr><td align="left" colspan="3"> - <p> - Style and readability editing; some element clarifications - </p> - </td></tr> -<tr> -<td align="left">Revision 1.5</td> -<td align="left">2006-02-03</td> -<td align="left">CS</td> -</tr> -<tr><td align="left" colspan="3"> - <p> - First round of editing. 
- </p> - </td></tr> -</table></div></div> -</div> -<hr> -</div> -<div class="toc"><dl><dt><span class="section"><a href="#sn-selinux-faq">1. SELinux Notes and FAQ</a></span></dt></dl></div> -<div class="section" lang="en"> -<div class="titlepage"><div><div><h2 class="title" style="clear: both"> -<a name="sn-selinux-faq"></a>1. SELinux Notes and FAQ</h2></div></div></div> -<p> - The information in this FAQ is valuable for those who are new to SELinux. It - is also valuable if you are new to the latest SELinux implementation in - Fedora Core, since some of the behavior may be different than you have - experienced. - </p> -<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Note: This FAQ is specific to Fedora Core 5"> -<tr> -<td rowspan="2" align="center" valign="top" width="25"><img alt="[Note]" src="./stylesheet-images/note.png"></td> -<th align="left">This FAQ is specific to Fedora Core 5</th> -</tr> -<tr><td align="left" valign="top"><p> - If you are looking for the FAQ for other versions of Fedora Core, refer to - <a href="http://fedora.redhat.com/docs/selinux-faq/" target="_top">http://fedora.redhat.com/docs/selinux-faq/</a>. - </p></td></tr> -</table></div> -<p> - For more information about how SELinux works, how to use SELinux for general - and specific Linux distributions, and how to write policy, these resources - are useful: - </p> -<div class="itemizedlist"> -<a name="external-link-list"></a><p class="title"><b>External Link List</b></p> -<ul type="disc"> -<li><p> - NSA SELinux main website â?? <a href="http://www.nsa.gov/selinux/" target="_top">http://www.nsa.gov/selinux/</a> - </p></li> -<li><p> - NSA SELinux FAQ â?? <a href="http://www.nsa.gov/selinux/info/faq.cfm" target="_top">http://www.nsa.gov/selinux/info/faq.cfm</a> - </p></li> -<li><p> - SELinux community page â?? <a href="http://selinux.sourceforge.net" target="_top">http://selinux.sourceforge.net</a> - </p></li> -<li><p> - UnOfficial FAQ â?? 
<a href="http://www.crypt.gen.nz/selinux/faq.html" target="_top">http://www.crypt.gen.nz/selinux/faq.html</a> - </p></li> -<li><p> - Writing traditional SE Linux policy HOWTO â?? <a href="https://sourceforge.net/docman/display_doc.php?docid=21959&group_id=21266" target="_top">https://sourceforge.net/docman/display_doc.php?docid=21959&group_id=21266</a> - </p></li> -<li><p> - Reference Policy (the new policy found in Fedora Core 5) â?? <a href="http://serefpolicy.sourceforge.net/" target="_top">http://serefpolicy.sourceforge.net/</a> - </p></li> -<li><p> - SELinux policy development training courses â?? <a href="http://tresys.com/services/training.shtml" target="_top">http://tresys.com/services/training.shtml</a> and <a href="https://www.redhat.com/training/security/courses/rhs429.html" target="_top">https://www.redhat.com/training/security/courses/rhs429.html</a> - </p></li> -<li><p> - Getting Started with SE Linux HOWTO: the new SE Linux (Debian) â?? - <a href="https://sourceforge.net/docman/display_doc.php?docid=20372&group_id=21266" target="_top">https://sourceforge.net/docman/display_doc.php?docid=20372&group_id=21266</a> - </p></li> -<li><p> - List of SELinux object classes and permissions â?? - <a href="http://tresys.com/selinux/obj_perms_help.shtml" target="_top">http://tresys.com/selinux/obj_perms_help.shtml</a> - </p></li> [...3038 lines suppressed...] - For files, <code class="computeroutput">relabelfrom</code> means "Can - domain D relabel a file from (i.e. currently in) type T1?" and - <code class="computeroutput">relabelto</code> means "Can domain D - relabel a file to type T2?", so both checks are applied upon a - file relabeling, where T1 is the original type of the type and T2 - is the new type specified by the program. 
- </p> -<p> - Useful documents to look at: - </p> -<div class="itemizedlist"><ul type="disc"> -<li><p> - Object class and permission summary by Tresys <a href="http://tresys.com/selinux/obj_perms_help.shtml" target="_top">http://tresys.com/selinux/obj_perms_help.shtml</a> - </p></li> -<li><p> - Implementing SELinux as an LSM technical report (describes - permission checks on a per-hook basis) <a href="http://www.nsa.gov/selinux/papers/module-abs.cfm" target="_top">http://www.nsa.gov/selinux/papers/module-abs.cfm</a>. - This is also available in the selinux-doc package - (and more up-to-date there). - </p></li> -<li><p> - Integrating Flexible Support for Security Policies into the - Linux Operating System - technical report (describes original - design and implementation, including summary tables of - classes, permissions, and what permission checks are applied - to what system calls. It is not entirely up-to-date with - current implementation, but a good resource nonetheless). - <a href="http://www.nsa.gov/selinux/papers/slinux-abs.cfm" target="_top">http://www.nsa.gov/selinux/papers/slinux-abs.cfm</a> - </p></li> -</ul></div> -</td> -</tr> -<tr class="qandadiv"><td align="left" valign="top" colspan="2"> -<a name="faq-div-deploying-selinux"></a><h4 class="title"> -<a name="faq-div-deploying-selinux"></a>1.4. Deploying SELinux</h4> -</td></tr> -<tr class="toc" colspan="2"><td align="left" valign="top" colspan="2"><dl> -<dt>Q: <a href="#id2961714"> - What file systems can I use for SELinux? - </a> -</dt> -<dt>Q: <a href="#id2961748"> - How does SELinux impact system performance? - </a> -</dt> -<dt>Q: <a href="#id2961779"> - What types of deployments, applications, and systems should I - leverage SELinux in? - </a> -</dt> -<dt>Q: <a href="#id2961848"> - How does SELinux affect third-party applications? 
- </a> -</dt> -</dl></td></tr> -<tr class="question"> -<td align="left" valign="top"> -<a name="id2961714"></a><a name="id2961717"></a><b>Q:</b> -</td> -<td align="left" valign="top"><p> - What file systems can I use for SELinux? - </p></td> -</tr> -<tr class="answer"> -<td align="left" valign="top"><b>A:</b></td> -<td align="left" valign="top"> -<p> - The file system must support - <code class="computeroutput">xattr</code> labels in the right - <em class="parameter"><code>security.*</code></em> namespace. In addition to - ext2/ext3, XFS has recently added support for the necessary - labels. - </p> -<p> - Note that XFS SELinux support is broken in upstream kernel - 2.6.14 and 2.6.15, but fixed (worked around) - in 2.6.16. Your kernel must include this fix if - you choose to use XFS with SELinux. - </p> -</td> -</tr> -<tr class="question"> -<td align="left" valign="top"> -<a name="id2961748"></a><a name="id2961756"></a><b>Q:</b> -</td> -<td align="left" valign="top"><p> - How does SELinux impact system performance? - </p></td> -</tr> -<tr class="answer"> -<td align="left" valign="top"><b>A:</b></td> -<td align="left" valign="top"><p> - This is a variable that is hard to measure, and is heavily - dependent on the tuning and usage of the system running SELinux. - When performance was last measured, the impact was around 7% for - completely untuned code. Subsequent changes in system components - such as networking are likely to have made that worse in some - cases. SELinux performance tuning continues to be a priority of the - development team. - </p></td> -</tr> -<tr class="question"> -<td align="left" valign="top"> -<a name="id2961779"></a><a name="id2961782"></a><b>Q:</b> -</td> -<td align="left" valign="top"><p> - What types of deployments, applications, and systems should I - leverage SELinux in? 
- </p></td> -</tr> -<tr class="answer"> -<td align="left" valign="top"><b>A:</b></td> -<td align="left" valign="top"> -<p> - Initially, SELinux has been used on Internet facing servers that are - performing a few specialized functions, where it is critical to - keep extremely tight security. Administrators typically strip - such a box of all extra software and services, and run a very - small, focused set of services. A Web server or mail server is a - good example. - </p> -<p> - In these edge servers, you can lock down the policy very tightly. - The smaller number of interactions with other components makes - such a lock down easier. A dedicated system running a specialized - third-party application would also be a good candidate. - </p> -<p> - In the future, SELinux will be targeted at all environments. In - order to achieve this goal, the community and - <em class="firstterm">independent software vendors</em> - (<span class="abbrev">ISV</span>s) must work with the SELinux developers to - produce the necessary policy. So far, a very restrictive - <em class="firstterm">strict policy</em> has been written, as well as - a <em class="firstterm">targeted policy</em> that focuses on specific, - vulnerable daemons. - </p> -<p>For more information about these policies, refer to <a href="#qa-whatis-policy">What is SELinux policy?</a> and <a href="#qa-whatis-targeted-policy">What is the SELinux targeted policy?</a>. - </p> -</td> -</tr> -<tr class="question"> -<td align="left" valign="top"> -<a name="id2961848"></a><a name="id2961850"></a><b>Q:</b> -</td> -<td align="left" valign="top"><p> - How does SELinux affect third-party applications? - </p></td> -</tr> -<tr class="answer"> -<td align="left" valign="top"><b>A:</b></td> -<td align="left" valign="top"> -<p> - One goal of implementing a targeted SELinux policy in Fedora Core is to - allow third-party applications to work without modification. 
The - targeted policy is transparent to those unaddressed applications, - and it falls back on standard Linux DAC security. These - applications, however, will not be running in an extra-secure - manner. You or another provider must write policy to protect these - applications with MAC security. - </p> -<p> - It is impossible to predict how every third-party application - might behave with SELinux, even running the targeted policy. You - may be able to fix issues that arise by changing the policy. You - may find that SELinux exposes previously unknown security issues - with your application. You may have to modify the application to - work under SELinux. - </p> -<p> - Note that with the addition of <a href="#faq-entry-whatare-policy-modules">Policy Modules</a>, it is now possible - for third-party developers to include policy modules with their - application. If you are a third-party developer or a - package-maintainer, please consider including a policy module - in your package. This will allow you to secure the behavior - of your application with the power of SELinux for any user - installing your package. - </p> -<p> - One important value that Fedora Core testers and users bring to the - community is extensive testing of third-party applications. With - that in mind, please bring your experiences to the appropriate - mailing list, such as the fedora-selinux list, for discussion. For - more information about that list, refer to <a href="http://www.redhat.com/mailman/listinfo/fedora-selinux-list/" target="_top">http://www.redhat.com/mailman/listinfo/fedora-selinux-list/</a>. - </p> -</td> -</tr> -</tbody> -</table> -</div> -</div> -</div> +<p><a href="en_US/">en_US</a> | <a href="it/">it</a></p> <? $template->displayFooter('$Date$'); ?> -
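
Review bot: Replacing the inline FAQ with a two-link language index removes every named anchor this file used to serve (`sn-selinux-faq`, `external-link-list`, `faq-div-deploying-selinux`, and the `#qa-whatis-policy` and `#qa-whatis-targeted-policy` targets referenced in the removed text), so existing deep links of the form index.php#anchor will now land on the bare index page. Confirm that the page under `en_US/` keeps the same anchor names, and consider a redirect or a short pointer on this page for old bookmarks. The legal notice and copyright lines also leave this file, so check that each translation directory carries them. Separately, near the top of the hunk `$template->initCommon();` is removed and re-added with no visible difference, which looks like whitespace or line-ending churn; normalising that before commit would keep the diff limited to the content change.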