On Mon, Dec 14, 2009 at 12:32:01PM -0600, Serge E. Hallyn wrote: > Quoting Dominick Grift (domg472@xxxxxxxxx): > > On Mon, Dec 14, 2009 at 11:49:15AM -0600, Serge E. Hallyn wrote: > > > Quoting Joshua Brindle (method@xxxxxxxxxxxxxxx): > > > > Dominick Grift wrote: > > > > >On 11/27/2009 09:31 PM, Joshua Brindle wrote: > > > > >>Joshua Brindle wrote: > > > > >>>As we discussed at Linux Plumbers Conference during the 'Making SELinux > > > > >>>Easier to Use" talk we have some document deficiencies in the SELinux > > > > >>>project. > > > > >>> > > > > >><snip> > > > > >> > > > > >>We have gotten some good contributions to the documentation project over > > > > >>the last couple months but there is always more to do. I've updated the > > > > >>Documentation TODO at: > > > > >> > > > > >><http://selinuxproject.org/page/Documentation_TODO> > > > > >> > > > > >>with some docs we'd like written and some guidance on what the format > > > > >>should be. Use cases would be particularly appreciated. > > > > >> > > > > >>If you haven't gone to the documentation wiki lately take a look at > > > > >> > > > > >><http://selinuxproject.org/page/Main_Page> > > > > >> > > > > >>and see what's been added. > > > > >> > > > > >>Thanks for the help of the contributors and hopefully this effort will > > > > >>go a long way toward gaining users and keeping SELinux enabled. > > > > >> > > > > >>-- > > > > >>fedora-selinux-list mailing list > > > > >>fedora-selinux-list@xxxxxxxxxx > > > > >>https://www.redhat.com/mailman/listinfo/fedora-selinux-list > > > > > > > > > >Attached is a concept i wrote today about Locking down webapps with CGI. > > > > >This was a topic in the todo list. > > > > > > > > > >Would be nice if someone could proof-read this and when > > > > >modified/accepted publish it. > > > > > > > > It's a wiki :) Just put it up there and others can make > > > > > > How are we to create an account to edit a page? The 'Log in/Create > > > Account' page doesn't seem to let me create an account? > > > > > > I'd like to add the recipe > > > > > > useradd xa > > > semanage user -a -R user_r xa > > > semanage login -a -s xa xa > > > > You would probably also need: > > > > cd /etc/selinux/targeted/contexts/users; cp user_u xa; > > > > To make that work. > > Hmm - I didn't think in f10 or f11 I needed to, but good to > know, thanks! > > > Easier would probably be: useradd -Z user_u xa > > Excellent, didn't know about it and I like it :) > > > or > > > > useradd xa > > semanage login -m -s user_u -r s0-s0 xa > > I don't have a fedora system handy at the moment - is the help > documentation in semanage now context-sensitive (so > 'semanage login help' and 'semanage user help' give different, > briefer, more meaningful help)? less meaningful i would say: [root@localhost etc]# semanage login help /usr/sbin/semanage: Invalid command: semanage login help [root@localhost etc]# semanage user help /usr/sbin/semanage: Invalid command: semanage user help > > > You should send an e-mail to james morris. He maintains the site and will add a login if you ask him. > > > > > > > > to lock user xa into its own selinux context to the recipes page. > > > If someone else is willing to post it, all the better. > > > > > > > modifications. There are actually a couple people who are decent at > > > > copy editing that have done some work on the wiki so if we get > > > > technical content up there they can do what they do to clean it up. > > > > > > thanks, > > > -serge > > thanks, > -serge
Attachment:
pgpMRn742Ippw.pgp
Description: PGP signature
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
