On Wed, Sep 30, 2009 at 08:13:42PM -0600, Jason Shaw wrote: > Starting a SELinux documentation project is a fantastic idea, and is truly > much needed! > > I am two months new to SELinux, and have literally put together an 8 inch > binder of documentation from what I would estimate to be 50-70 different > sources. > > Areas of deficiencies that I think could use more documentation include: > > 1) Current description of all objects and classes supported by SELinux http://oss.tresys.com/projects/refpolicy/wiki/ObjectClassesPerms This is for me the reference i use and google/maillists > > 2) Simple 'getting started' policy module examples to help explain things > such as creating new types/domains and working with domain transitions, > explanation of how testing through a SSH shell can give you different > results than from testing at the console, and networking examples: > restricting access to sockets, denying access to specific network > interfaces, details explaining why one would use macros in policy, simple > MLS getting started examples. http://www.youtube.com/results?search_query=SELinux+confine+a+GUI+app&search_type= Is a series of screencasts i created whilst creating a policy for google gadgets. it is far from perfect but it might help people get started. I also have other screencasts: http://www.youtube.com/results?search_query=domg4721&search_type=&aq=f and a blog with some stuff: Especially my series on locking down selinux hs some nice examples in my view. http://selinux-mac.blogspot.com/ > > 3) Explanation of how SELinux can be different between various Linux distros > (such as how enabling the SELinux strict policy causes RHEL 5.3 not to boot, > how MLS does not support X in Fedora and other distros, why Fedora is the > latest development version, and how there seem to be a lot of older tools > for SELinux that have been superseded by utilities such as semanage. Good idea. > 4) Tutorials showing how to use SLIDE http://www.youtube.com/watch?v=x2soA3CD2pY A very small intro on slide. But agreed we should do more. good idea Although it is best to know how it works witouth slides help first > 5) Explanation of when users and roles are used and not used (for example, > how their use can be different between files and processes). good idea. noted. > > 6) Examples of how to test the robustness of SELinux configurations. (for > example, try to access files and processes as root to see permission denied > errors) Good idea i think one or some of my videos touched on confining root and it impact. Great ideas , thanks for your feedback. i will use this to create some new documentation in the near future. > > > On Mon, Sep 28, 2009 at 1:48 PM, Joshua Brindle <method@xxxxxxxxxxxxxxx>wrote: > > > As we discussed at Linux Plumbers Conference during the 'Making SELinux > > Easier to Use" talk we have some document deficiencies in the SELinux > > project. > > > > I volunteered to start an SELinux Documentation Project. The primary > > purpose of the project would be to get as much documentation as possible on > > the selinuxproject.org wiki, organized in a fashion that users can > > understand and consume easily. > > > > As I admitted before, we, the developers, are not always the best people to > > judge what documentation users need and therefore am requesting users, > > hopefully from different backgrounds and environments, tell us what > > documentation they feel is lacking, what questions they've been asked or > > have asked themselves and couldn't find documentation for. > > > > I think we need basic documentation that tells about SELinux (both beginner > > and advanced), howto's for specific things (using secmark, using netlabel, > > etc) and a set of short 'recipes' to accomplish simple tasks. > > > > There are documents all over the place with various information, as well as > > blog entries and mailing list archives but the effort here is to consolidate > > all those resources onto selinuxproject.org. > > > > I'd also like to see volunteers in the community to help out with the > > documentation effort, I know quite a few people already write things like > > this on blogs, etc and it would be great to see that information > > moved/copied onto selinuxproject.org. > > > > > > Users: > > > > Please, if you are a user and have run in to lack of documentation respond > > to this thread, or privately if you aren't comfortable talking on list so > > that we can collect what the biggest deficiencies are and get to writing > > documentation as soon as possible. > > > > > > Thanks. > > > > -- > > fedora-selinux-list mailing list > > fedora-selinux-list@xxxxxxxxxx > > https://www.redhat.com/mailman/listinfo/fedora-selinux-list > > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Attachment:
pgp4qiOrE8JLT.pgp
Description: PGP signature
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
