On Wednesday 30 August 2006 21:57, Stephen Smalley wrote: > On Wed, 2006-08-30 at 19:06 +0800, Benjamin Tsai wrote: > > I googled-out this document for writing selinux-aware software > > application, but can’t find any of a link from RedHat. > > > > Does this document exist? Besides, is there any tutorial for writing > > selinux-aware programs? > > > > I have read “Red Hat SELinux Guide”, NSA “Implementing SELinux as a > > Linux Security Module,” … and some other documents about writing > > selinux policy. > > > > But still don’t get it how to write such a program. Please give me > > some directions. Thx. > > I don't think that such a guide was ever written, although Red Hat did > contribute numerous individual man pages for libselinux functions (and > other SELinux components). > > selinux-doc/PORTING (installed > to /usr/share/doc/selinux-doc-x.y/PORTING) was a short summary of > changes in the SELinux API for people porting code from the old > (pre-2.6) SELinux to the new API. While written to a different > audience, that document may be helpful to you. > > SELinux-aware applications fall into different categories; some of them > are simply aware of security contexts (e.g. to get or set security > contexts of processes or objects, to preserve security contexts on > objects), some of them are using the SELinux API to get finer-grained > protection than one can achieve via policy configuration alone, some of > them are using the SELinux API to get policy decisions to enforce > security policy over their own userspace objects and operations. You'll > find examples throughout Fedora, plus the libselinux utils and > policycoreutils included in the core SELinux userland. I've contacted Karsten Wade who was listed as the author of this and am waiting to hear. I didn't see it in any of the listed works in our current repo. -- David O'Brien Red Hat Asia Pacific Pty Ltd Tel: +61-7-3514-8189 Fax: +61-7-3514-8199 email: daobrien@xxxxxxxxxx web: http://apac.redhat.com/ IRC: daobrien #docs #selinux #devel #doc-i18n -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
