The SELinux Documentation Project [Request for topics]

Dominick Grift domg472 at gmail.com
Thu Oct 1 10:10:16 UTC 2009


On Wed, Sep 30, 2009 at 08:13:42PM -0600, Jason Shaw wrote:
> Starting a SELinux documentation project is a fantastic idea, and is truly
> much needed!
> 
> I am two months new to SELinux, and have literally put together an 8 inch
> binder of documentation from what I would estimate to be 50-70 different
> sources.
> 
> Areas of deficiencies that I think could use more documentation include:
> 
> 1) Current description of all objects and classes supported by SELinux

http://oss.tresys.com/projects/refpolicy/wiki/ObjectClassesPerms

This is for me the reference I use, and Google/mailing lists.
> 
> 2) Simple 'getting started' policy module examples to help explain things
> such as creating new types/domains and working with domain transitions,
> explanation of how testing through a SSH shell can give you different
> results than from testing at the console, and networking examples:
> restricting access to sockets, denying access to specific network
> interfaces, details explaining why one would use macros in policy, simple
> MLS getting started examples.
http://www.youtube.com/results?search_query=SELinux+confine+a+GUI+app&search_type=

Is a series of screencasts I created whilst creating a policy for Google Gadgets. It is far from perfect but it might help people get started.

I also have other screencasts:

http://www.youtube.com/results?search_query=domg4721&search_type=&aq=f

and a blog with some stuff:
Especially my series on locking down SELinux has some nice examples in my view.
http://selinux-mac.blogspot.com/
> 
> 3) Explanation of how SELinux can be different between various Linux distros
> (such as how enabling the SELinux strict policy causes RHEL 5.3 not to boot,
> how MLS does not support X in Fedora and other distros, why Fedora is the
> latest development version, and how there seem to be a lot of older tools
> for SELinux that have been superseded by utilities such as semanage.

Good idea.
> 4) Tutorials showing how to use SLIDE
http://www.youtube.com/watch?v=x2soA3CD2pY

A very small intro on SLIDE. But agreed we should do more. Good idea.
Although it is best to know how it works without SLIDE's help first.

> 5) Explanation of when users and roles are used and not used (for example,
> how their use can be different between files and processes).
Good idea. Noted.
> 
> 6) Examples of how to test the robustness of SELinux configurations. (for
> example, try to access files and processes as root to see permission denied
> errors)

Good idea. I think one or some of my videos touched on confining root and its impact.


Great ideas, thanks for your feedback. I will use this to create some new documentation in the near future.

> 
> 
> On Mon, Sep 28, 2009 at 1:48 PM, Joshua Brindle <method at manicmethod.com> wrote:
> 
> > As we discussed at Linux Plumbers Conference during the "Making SELinux
> > Easier to Use" talk we have some document deficiencies in the SELinux
> > project.
> >
> > I volunteered to start an SELinux Documentation Project. The primary
> > purpose of the project would be to get as much documentation as possible on
> > the selinuxproject.org wiki, organized in a fashion that users can
> > understand and consume easily.
> >
> > As I admitted before, we, the developers, are not always the best people to
> > judge what documentation users need and therefore am requesting users,
> > hopefully from different backgrounds and environments, tell us what
> > documentation they feel is lacking, what questions they've been asked or
> > have asked themselves and couldn't find documentation for.
> >
> > I think we need basic documentation that tells about SELinux (both beginner
> > and advanced), howto's for specific things (using secmark, using netlabel,
> > etc) and a set of short 'recipes' to accomplish simple tasks.
> >
> > There are documents all over the place with various information, as well as
> > blog entries and mailing list archives but the effort here is to consolidate
> > all those resources onto selinuxproject.org.
> >
> > I'd also like to see volunteers in the community to help out with the
> > documentation effort, I know quite a few people already write things like
> > this on blogs, etc and it would be great to see that information
> > moved/copied onto selinuxproject.org.
> >
> >
> > Users:
> >
> > Please, if you are a user and have run in to lack of documentation respond
> > to this thread, or privately if you aren't comfortable talking on list so
> > that we can collect what the biggest deficiencies are and get to writing
> > documentation as soon as possible.
> >
> >
> > Thanks.
> >
> > --
> > fedora-selinux-list mailing list
> > fedora-selinux-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> >
