Re: The SELinux Documentation Project [Request for topics]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Sep 30, 2009 at 08:13:42PM -0600, Jason Shaw wrote:
> Starting a SELinux documentation project is a fantastic idea, and is truly
> much needed!
> 
> I am two months new to SELinux, and have literally put together an 8 inch
> binder of documentation from what I would estimate to be 50-70 different
> sources.
> 
> Areas of deficiencies that I think could use more documentation include:
> 
> 1) Current description of all objects and classes supported by SELinux

http://oss.tresys.com/projects/refpolicy/wiki/ObjectClassesPerms

This is for me the reference i use and google/maillists
> 
> 2) Simple 'getting started' policy module examples to help explain things
> such as creating new types/domains and working with domain transitions,
> explanation of how testing through a SSH shell can give you different
> results than from testing at the console, and networking examples:
> restricting access to sockets, denying access to specific network
> interfaces, details explaining why one would use macros in policy, simple
> MLS getting started examples.
http://www.youtube.com/results?search_query=SELinux+confine+a+GUI+app&search_type=

Is a series of screencasts i created whilst creating a policy for google gadgets. it is far from perfect but it might help people get started.

I also have other screencasts:

http://www.youtube.com/results?search_query=domg4721&search_type=&aq=f

and a blog with some stuff:
Especially my series on locking down selinux hs some nice examples in my view.
http://selinux-mac.blogspot.com/
> 
> 3) Explanation of how SELinux can be different between various Linux distros
> (such as how enabling the SELinux strict policy causes RHEL 5.3 not to boot,
> how MLS does not support X in Fedora and other distros, why Fedora is the
> latest development version, and how there seem to be a lot of older tools
> for SELinux that have been superseded by utilities such as semanage.

Good idea.
> 4) Tutorials showing how to use SLIDE
http://www.youtube.com/watch?v=x2soA3CD2pY

A very small intro on slide. But agreed we should do more. good idea
Although it is best to know how it works witouth slides help first

> 5) Explanation of when users and roles are used and not used (for example,
> how their use can be different between files and processes).
good idea. noted.
> 
> 6) Examples of how to test the robustness of SELinux configurations. (for
> example, try to access files and processes as root to see permission denied
> errors)

Good idea i think one or some of my videos touched on confining root and it impact.


Great ideas , thanks for your feedback. i will use this to create some new documentation in the near future.

> 
> 
> On Mon, Sep 28, 2009 at 1:48 PM, Joshua Brindle <method@xxxxxxxxxxxxxxx>wrote:
> 
> > As we discussed at Linux Plumbers Conference during the 'Making SELinux
> > Easier to Use" talk we have some document deficiencies in the SELinux
> > project.
> >
> > I volunteered to start an SELinux Documentation Project. The primary
> > purpose of the project would be to get as much documentation as possible on
> > the selinuxproject.org wiki, organized in a fashion that users can
> > understand and consume easily.
> >
> > As I admitted before, we, the developers, are not always the best people to
> > judge what documentation users need and therefore am requesting users,
> > hopefully from different backgrounds and environments, tell us what
> > documentation they feel is lacking, what questions they've been asked or
> > have asked themselves and couldn't find documentation for.
> >
> > I think we need basic documentation that tells about SELinux (both beginner
> > and advanced), howto's for specific things (using secmark, using netlabel,
> > etc) and a set of short 'recipes' to accomplish simple tasks.
> >
> > There are documents all over the place with various information, as well as
> > blog entries and mailing list archives but the effort here is to consolidate
> > all those resources onto selinuxproject.org.
> >
> > I'd also like to see volunteers in the community to help out with the
> > documentation effort, I know quite a few people already write things like
> > this on blogs, etc and it would be great to see that information
> > moved/copied onto selinuxproject.org.
> >
> >
> > Users:
> >
> > Please, if you are a user and have run in to lack of documentation respond
> > to this thread, or privately if you aren't comfortable talking on list so
> > that we can collect what the biggest deficiencies are and get to writing
> > documentation as soon as possible.
> >
> >
> > Thanks.
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list@xxxxxxxxxx
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> >

> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

Attachment: pgp4qiOrE8JLT.pgp
Description: PGP signature

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux