I found Sven's cookbook a good first step for when you go beyond sys admin and into policy writing:
https://www.packtpub.com/networking-and-servers/selinux-cookbook
Taking the time to understand how the referece policy is structured will really help, as you will always be using its interfaces in your policies:
https://github.com/TresysTechnology/refpolicy/wiki
There's no real substitute for getting in there and confining your first service though.
Cheers
Phil
Robin Lee Powell ---02/08/2016 17:22:28---On Mon, Aug 01, 2016 at 10:20:32PM +0000, Parker, Michael D. wrote: > What are you all doing/have do
From: Robin Lee Powell <rlpowell@xxxxxxxxxxxxxxxxxx>
To: "Parker, Michael D." <Michael.D.Parker@xxxxxx>
Cc: "selinux@xxxxxxxxxxxxxxxxxxxxxxx" <selinux@xxxxxxxxxxxxxxxxxxxxxxx>
Date: 02/08/2016 17:22
Subject: Re: [selinux] RE: --EXTERNAL--Welcome to the "selinux" mailing list
On Mon, Aug 01, 2016 at 10:20:32PM +0000, Parker, Michael D. wrote:
> What are you all doing/have done to boot strap your knowledge about SELinux?
I was reasonably happy with https://www.amazon.com/dp/B00FEFRG4O/ ,
although what I actually did was disabled unconfined on my system
and asked a lot of questions trying to put it back together. :)
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx
-- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx
