selinux-faq/en_US selinux-faq.xml,1.11,1.12

Chad Sellers (csellers) fedora-docs-commits at redhat.com
Fri Apr 28 16:57:27 UTC 2006


Author: csellers

Update of /cvs/docs/selinux-faq/en_US
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv7060

Modified Files:
	selinux-faq.xml 
Log Message:
added basic FAQ entry for administrator configuration, addressed bz#144696 and bz#147915


Index: selinux-faq.xml
===================================================================
RCS file: /cvs/docs/selinux-faq/en_US/selinux-faq.xml,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -r1.11 -r1.12
--- selinux-faq.xml	20 Apr 2006 20:16:03 -0000	1.11
+++ selinux-faq.xml	28 Apr 2006 16:57:25 -0000	1.12
@@ -714,6 +714,82 @@
             </para>
           </answer>
         </qandaentry>
+        <qandaentry>
+          <question>
+            <para>
+              As an administrator, what do I need to do to configure &SEL; for
+	      my system?
+            </para>
+          </question>
+          <answer>
+            <para>
+              The answer might be nothing. There are many Fedora users that
+	      don't even realize that they are using SELinux. SELinux provides
+	      protection for their systems with an out-of-the-box
+	      configuration. That said, there are a couple of things an
+	      administrator might want to do to configure their system. These
+	      include:
+            </para>
+	    <variablelist>
+	      <varlistentry>
+	        <term>booleans</term>
+		<listitem>
+		  <para>
+		    Booleans are settings that can be flipped to alter SELinux
+		    policy behavior without having to write new policy. There
+		    are many booleans that can be set in Fedora, and they allow
+		    an administrator to configure SELinux to a great degree.
+		    To view the available booleans and modify their settings,
+		    use <command>system-config-securitylevel</command> or the
+		    command line tool <command>setsebool</command>.
+		  </para>
+		</listitem>
+	      </varlistentry>
+	      <varlistentry>
+	        <term>setting customizable file contexts</term>
+		<listitem>
+		  <para>
+		    Files on an SELinux system have a security context which
+		    is stored in the extended attribute of the file (behavior
+		    can vary from filesystem to filesystem, but this is how
+		    ext3 works). These are set by <command>rpm</command>
+		    automatically, but sometimes a user might want to set a
+		    particular context on a file. An example would be setting
+		    the context on a <filename>public_html</filename> directory
+		    so that <command>apache</command> can access it, as
+		    illustrated in
+	            <xref linkend="faq-entry-public_html"/>.
+		  </para>
+		  <para>
+		    For a list of types that you might want to assign to files,
+		    see
+		    <filename>/etc/selinux/targeted/contexts/customizable_types</filename>.
+		    These are types commonly assigned to files by users and
+		    administrators. To set these, use the
+		    <command>chcon</command> command. Note that the types in
+		    <filename>customizable_types</filename> are
+		    also preserved after a relabel, so relabeling the system
+		    will not undo this.
+		  </para>
+		</listitem>
+	      </varlistentry>
+	      <varlistentry>
+	        <term>making badly behaving libraries work</term>
+		<listitem>
+		  <para>
+		    There are many libraries around that behave badly and try
+		    to break the memory protections SELinux provides. These
+		    libraries should really be fixed, so please file a bug with
+		    the library maintainer. That said, they can be made to
+		    work. More information and solutions to make the libraries
+		    work can be found in 
+		    <xref linkend="faq-entry-unconfined_t"/>. 
+		  </para>
+		</listitem>
+	      </varlistentry>
+	    </variablelist>
+          </answer>
+        </qandaentry>
         <qandaentry id="qa-using-s-c-securitylevel" xreflabel="How to use system-config-securitylevel">
           <question>
             <para>
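Review bot: In the booleans entry, the sentence "To view the available booleans and modify their settings, use ... the command line tool setsebool" credits setsebool with listing booleans, but setsebool only changes them. Name getsebool (getsebool -a) for viewing, and mention that setsebool needs -P for a change to persist across reboots, since an administrator following this answer will otherwise lose the setting. The new qandaentry also has no id, although this same commit adds ids to the two entries it links to, so it cannot itself be an xref target. The added lines mix tabs and spaces for indentation (for example the "my system?" line and the whole variablelist block), while the surrounding context lines are space-indented.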
@@ -1239,7 +1315,7 @@
             </procedure>
           </answer>
         </qandaentry>
-        <qandaentry>
+        <qandaentry id="faq-entry-public_html" xreflabel="How do I make a user public_html directory work under SELinux">
           <question>
             <para>
               How do I make a user <filename>public_html</filename> directory
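Review bot: The new id "faq-entry-public_html" uses a different prefix from the existing id visible in the first hunk, "qa-using-s-c-securitylevel". Pick one naming scheme for qandaentry ids, preferably the existing one, so that link targets in this file stay predictable.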
@@ -2215,7 +2291,7 @@
             </para>
           </answer>
         </qandaentry>
-	<qandaentry>
+        <qandaentry id="faq-entry-unconfined_t" xreflabel="I have a process running as unconfined_t, and SELinux is still preventing my application from running">
 	  <question>
 	    <para>
 	      I have a process running as
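Review bot: The replacement qandaentry line is indented with spaces, while the line it replaces and the context lines that follow (the question and para elements) are tab-indented, so this hunk introduces a whitespace inconsistency on top of the attribute change; keep the original tab. The xreflabel is also a full sentence ("I have a process running as unconfined_t, and SELinux is still preventing my application from running"), which is what the xref in the new "making badly behaving libraries work" item will render after "can be found in". A short noun-phrase label would read better there.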



