Quoting Dominick Grift (domg472@gmail.com):
On Mon, Dec 14, 2009 at 11:49:15AM -0600, Serge E. Hallyn wrote:
Quoting Joshua Brindle (method@manicmethod.com):
Dominick Grift wrote:
On 11/27/2009 09:31 PM, Joshua Brindle wrote:
Joshua Brindle wrote:
As we discussed at Linux Plumbers Conference during the 'Making SELinux Easier to Use" talk we have some document deficiencies in the SELinux project.
<snip>
We have gotten some good contributions to the documentation project over the last couple months but there is always more to do. I've updated the Documentation TODO at:
http://selinuxproject.org/page/Documentation_TODO
with some docs we'd like written and some guidance on what the format should be. Use cases would be particularly appreciated.
If you haven't gone to the documentation wiki lately take a look at
http://selinuxproject.org/page/Main_Page
and see what's been added.
Thanks for the help of the contributors and hopefully this effort will go a long way toward gaining users and keeping SELinux enabled.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Attached is a concept i wrote today about Locking down webapps with CGI. This was a topic in the todo list.
Would be nice if someone could proof-read this and when modified/accepted publish it.
It's a wiki :) Just put it up there and others can make
How are we to create an account to edit a page? The 'Log in/Create Account' page doesn't seem to let me create an account?
I'd like to add the recipe
useradd xasemanage user -a -R user_r xa semanage login -a -s xa xa
You would probably also need:
cd /etc/selinux/targeted/contexts/users; cp user_u xa;
To make that work.
Hmm - I didn't think in f10 or f11 I needed to, but good to know, thanks!
Easier would probably be: useradd -Z user_u xa
Excellent, didn't know about it and I like it :)
or
useradd xa semanage login -m -s user_u -r s0-s0 xa
I don't have a fedora system handy at the moment - is the help documentation in semanage now context-sensitive (so 'semanage login help' and 'semanage user help' give different, briefer, more meaningful help)?
You should send an e-mail to james morris. He maintains the site and will add a login if you ask him.
to lock user xa into its own selinux context to the recipes page. If someone else is willing to post it, all the better.
modifications. There are actually a couple people who are decent at copy editing that have done some work on the wiki so if we get technical content up there they can do what they do to clean it up.
thanks, -serge
thanks, -serge