On Wed, 2006-08-30 at 19:06 +0800, Benjamin Tsai wrote: > I googled-out this document for writing selinux-aware software > application, but can’t find any of a link from RedHat. > > Does this document exist? Besides, is there any tutorial for writing > selinux-aware programs? > > I have read “Red Hat SELinux Guide”, NSA “Implementing SELinux as a > Linux Security Module,” … and some other documents about writing > selinux policy. > > But still don’t get it how to write such a program. Please give me > some directions. Thx. I don't think that such a guide was ever written, although Red Hat did contribute numerous individual man pages for libselinux functions (and other SELinux components). selinux-doc/PORTING (installed to /usr/share/doc/selinux-doc-x.y/PORTING) was a short summary of changes in the SELinux API for people porting code from the old (pre-2.6) SELinux to the new API. While written to a different audience, that document may be helpful to you. SELinux-aware applications fall into different categories; some of them are simply aware of security contexts (e.g. to get or set security contexts of processes or objects, to preserve security contexts on objects), some of them are using the SELinux API to get finer-grained protection than one can achieve via policy configuration alone, some of them are using the SELinux API to get policy decisions to enforce security policy over their own userspace objects and operations. You'll find examples throughout Fedora, plus the libselinux utils and policycoreutils included in the core SELinux userland. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
