Red Hat SELinux Application Development Guide?
Stephen Smalley
sds at tycho.nsa.gov
Wed Aug 30 11:57:55 UTC 2006
On Wed, 2006-08-30 at 19:06 +0800, Benjamin Tsai wrote:
> I googled-out this document for writing selinux-aware software
> application, but can’t find any of a link from RedHat.
>
> Does this document exist? Besides, is there any tutorial for writing
> selinux-aware programs?
>
> I have read “Red Hat SELinux Guide”, NSA “Implementing SELinux as a
> Linux Security Module,” … and some other documents about writing
> selinux policy.
>
> But still don’t get it how to write such a program. Please give me
> some directions. Thx.
I don't think that such a guide was ever written, although Red Hat did
contribute numerous individual man pages for libselinux functions (and
other SELinux components).
selinux-doc/PORTING (installed
to /usr/share/doc/selinux-doc-x.y/PORTING) was a short summary of
changes in the SELinux API for people porting code from the old
(pre-2.6) SELinux to the new API. While written to a different
audience, that document may be helpful to you.
SELinux-aware applications fall into different categories; some of them
are simply aware of security contexts (e.g. to get or set security
contexts of processes or objects, to preserve security contexts on
objects), some of them are using the SELinux API to get finer-grained
protection than one can achieve via policy configuration alone, some of
them are using the SELinux API to get policy decisions to enforce
security policy over their own userspace objects and operations. You'll
find examples throughout Fedora, plus the libselinux utils and
policycoreutils included in the core SELinux userland.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list