Re: The SELinux Documentation Project

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Dec 14, 2009 at 12:32:01PM -0600, Serge E. Hallyn wrote:
> Quoting Dominick Grift (domg472@xxxxxxxxx):
> > On Mon, Dec 14, 2009 at 11:49:15AM -0600, Serge E. Hallyn wrote:
> > > Quoting Joshua Brindle (method@xxxxxxxxxxxxxxx):
> > > > Dominick Grift wrote:
> > > > >On 11/27/2009 09:31 PM, Joshua Brindle wrote:
> > > > >>Joshua Brindle wrote:
> > > > >>>As we discussed at Linux Plumbers Conference during the 'Making SELinux
> > > > >>>Easier to Use" talk we have some document deficiencies in the SELinux
> > > > >>>project.
> > > > >>>
> > > > >><snip>
> > > > >>
> > > > >>We have gotten some good contributions to the documentation project over
> > > > >>the last couple months but there is always more to do. I've updated the
> > > > >>Documentation TODO at:
> > > > >>
> > > > >><http://selinuxproject.org/page/Documentation_TODO>
> > > > >>
> > > > >>with some docs we'd like written and some guidance on what the format
> > > > >>should be. Use cases would be particularly appreciated.
> > > > >>
> > > > >>If you haven't gone to the documentation wiki lately take a look at
> > > > >>
> > > > >><http://selinuxproject.org/page/Main_Page>
> > > > >>
> > > > >>and see what's been added.
> > > > >>
> > > > >>Thanks for the help of the contributors and hopefully this effort will
> > > > >>go a long way toward gaining users and keeping SELinux enabled.
> > > > >>
> > > > >>--
> > > > >>fedora-selinux-list mailing list
> > > > >>fedora-selinux-list@xxxxxxxxxx
> > > > >>https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > > > >
> > > > >Attached is a concept i wrote today about Locking down webapps with CGI.
> > > > >This was a topic in the todo list.
> > > > >
> > > > >Would be nice if someone could proof-read this and when
> > > > >modified/accepted publish it.
> > > > 
> > > > It's a wiki :) Just put it up there and others can make
> > > 
> > > How are we to create an account to edit a page?  The 'Log in/Create
> > > Account' page doesn't seem to let me create an account?
> > > 
> > > I'd like to add the recipe
> > > 
> > >         useradd xa
> > > 	semanage user -a -R user_r xa
> > > 	semanage login -a -s xa xa
> > 
> > You would probably also need:
> > 
> > cd /etc/selinux/targeted/contexts/users; cp user_u xa;
> > 
> > To make that work.
> 
> Hmm - I didn't think in f10 or f11 I needed to, but good to
> know, thanks!
> 
> > Easier would probably be: useradd -Z user_u xa
> 
> Excellent, didn't know about it and I like it :)
> 
> > or
> > 
> > useradd xa
> > semanage login -m -s user_u -r s0-s0 xa
> 
> I don't have a fedora system handy at the moment - is the help
> documentation in semanage now context-sensitive (so
> 'semanage login help' and 'semanage user help' give different,
> briefer, more meaningful help)?

less meaningful i would say:

[root@localhost etc]# semanage login help
/usr/sbin/semanage: Invalid command: semanage login help

[root@localhost etc]# semanage user help
/usr/sbin/semanage: Invalid command: semanage user help

> 
> > You should send an e-mail to james morris. He maintains the site and will add a login if you ask him.
> > 
> > > 
> > > to lock user xa into its own selinux context to the recipes page.
> > > If someone else is willing to post it, all the better.
> > > 
> > > > modifications. There are actually a couple people who are decent at
> > > > copy editing that have done some work on the wiki so if we get
> > > > technical content up there they can do what they do to clean it up.
> > > 
> > > thanks,
> > > -serge
> 
> thanks,
> -serge

Attachment: pgpMRn742Ippw.pgp
Description: PGP signature

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux