https://bugzilla.redhat.com/show_bug.cgi?id=1180142
Bug ID: 1180142
Summary: issues in the introduction of selinux-user-guide
Product: Fedora Documentation
Version: devel
Component: selinux-user-guide
Assignee: mprpic(a)redhat.com
Reporter: nmavrogi(a)redhat.com
QA Contact: docs-qa(a)lists.fedoraproject.org
CC: mprpic(a)redhat.com, pkennedy(a)redhat.com, zach(a)oglesby.co
[Originally sent to authors of the document]
I was trying to understand SELinux using that guide, and had quite a few issues
with the introduction. I am sending you my issues in the hope they will help to
improve the text.
-------------------------------------------------------------
Chapter 2. Introduction to SELinux:
I couldn't really understand what SELinux is based on this section. It
says it is a mandatory access control mechanism, and then it goes to
great length explaining the 'Discretionary Access Control (DAC) system' used
typically in Linux. That's nice if you already know what SELinux is,
because you can see the difference, but it is the opposite of what I'd expect
at the moment, since I have no idea what SELinux is.
My suggestion would be to add the description I saw in
https://www.imperialviolet.org/2009/07/14/selinux.html
"SELinux is fundamentally about answering questions of the form “May x
do y to z?” and enforcing the result (x is subject, z is object) ...
The action (y) boils down to a class and a permission. Each class can
have up to 32 permissions (because they are stored as a bitmask in a
32-bit int). Examples of classes are FILE, TCP_SOCKET and X_EVENT. For
the FILE class, some examples of permissions are READ, WRITE, LOCK etc."
At least for me that was all the information that I needed to understand
what I can do with SELinux. A complete picture may require going into a
bit more length explaining what can be a subject, object and
action. Then mentioning MAC and explaining it in addition to DAC
will be more natural IMO.
---------------------------------------------------------------------
2.1. Benefits of running SELinux
This section vaguely defines domain. I reached "3.1. Domain
Transitions" and didn't know what a domain was.
Maybe add a definition of domain in 3.1 or earlier in the introduction.
---------------------------------------------------------------------
Chapter 3. SELinux Contexts
level:
It explains that in Fedora there is a single sensitivity and multiple
categories. I miss what these categories are intended to be used for. An
example with two different categories would be helpful.
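The "May x do y to z?" description quoted in the report, and the request for an example with two different categories, shown as an added illustration that is not part of the bug report or the guide. The allow table, the permission bit positions and the sample contexts are constructed, and the category check is a simplified model in which the subject's category set must include the object's.

```python
# Constructed model of an SELinux-style decision; not kernel code or a real policy.
FILE_PERMS = ["read", "write", "lock"]   # bit positions here are illustrative only
PERM_BIT = {"file": {name: 1 << i for i, name in enumerate(FILE_PERMS)}}

# Constructed rule table: (subject type, object type, class) -> 32-bit permission mask
ALLOW = {
    ("svirt_t", "svirt_image_t", "file"):
        PERM_BIT["file"]["read"] | PERM_BIT["file"]["write"],
}


def parse_context(ctx):
    """Split 'user:role:type:level' into (type, set of category numbers)."""
    _user, _role, type_, level = ctx.split(":", 3)
    high = level.rpartition("-")[2]          # for 'low-high' ranges use the high level
    _sens, _, cats = high.partition(":")
    categories = set()
    for part in filter(None, cats.split(",")):
        lo, _, hi = part.partition(".")      # 'c0.c3' means the range c0..c3
        lo_n = int(lo[1:])
        hi_n = int(hi[1:]) if hi else lo_n
        categories.update(range(lo_n, hi_n + 1))
    return type_, categories


def may(subject_ctx, perm, object_ctx, tclass="file"):
    """Answer 'may x do y to z?', where y is the pair (tclass, perm)."""
    s_type, s_cats = parse_context(subject_ctx)
    o_type, o_cats = parse_context(object_ctx)
    mask = ALLOW.get((s_type, o_type, tclass), 0) & 0xFFFFFFFF
    type_ok = bool(mask & PERM_BIT[tclass][perm])   # is the permission bit set?
    cats_ok = o_cats <= s_cats                      # subject holds every object category
    return type_ok and cats_ok


# Constructed labels: two virtual machines of the same type, kept apart by categories.
VM1 = "system_u:system_r:svirt_t:s0:c1,c2"
IMG1 = "system_u:object_r:svirt_image_t:s0:c1,c2"
IMG2 = "system_u:object_r:svirt_image_t:s0:c3,c4"

if __name__ == "__main__":
    for obj in (IMG1, IMG2):
        for perm in FILE_PERMS:
            print(f"may {VM1} {perm} {obj}? {may(VM1, perm, obj)}")
```

Both disk images carry the same type, so the type rule alone cannot tell them apart; only the differing category pairs keep the first guest out of the second guest's image.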