On Wed, Sep 30, 2009 at 08:13:42PM -0600, Jason Shaw wrote:
Starting a SELinux documentation project is a fantastic idea, and is truly much needed!
I am two months new to SELinux, and have literally put together an 8 inch binder of documentation from what I would estimate to be 50-70 different sources.
Areas of deficiencies that I think could use more documentation include:
- Current description of all objects and classes supported by SELinux
http://oss.tresys.com/projects/refpolicy/wiki/ObjectClassesPerms
This is, for me, the reference I use, along with Google and mailing lists.
- Simple 'getting started' policy module examples to help explain things
such as creating new types/domains and working with domain transitions, explanation of how testing through an SSH shell can give you different results than from testing at the console, and networking examples: restricting access to sockets, denying access to specific network interfaces, details explaining why one would use macros in policy, simple MLS getting started examples.
http://www.youtube.com/results?search_query=SELinux+confine+a+GUI+app&se...
This is a series of screencasts I created whilst creating a policy for Google Gadgets. It is far from perfect but it might help people get started.
I also have other screencasts:
http://www.youtube.com/results?search_query=domg4721&search_type=&aq...
and a blog with some stuff. Especially my series on locking down SELinux has some nice examples in my view: http://selinux-mac.blogspot.com/
- Explanation of how SELinux can be different between various Linux distros
(such as how enabling the SELinux strict policy causes RHEL 5.3 not to boot, how MLS does not support X in Fedora and other distros, why Fedora is the latest development version, and how there seem to be a lot of older tools for SELinux that have been superseded by utilities such as semanage).
Good idea.
- Tutorials showing how to use SLIDE
http://www.youtube.com/watch?v=x2soA3CD2pY
A very small intro on SLIDE. But agreed, we should do more. Good idea, although it is best to know how it works without SLIDE's help first.
- Explanation of when users and roles are used and not used (for example,
how their use can be different between files and processes).
Good idea. Noted.
- Examples of how to test the robustness of SELinux configurations. (for
example, try to access files and processes as root to see permission denied errors)
Good idea. I think one or some of my videos touched on confining root and its impact.
Great ideas, thanks for your feedback. I will use this to create some new documentation in the near future.
On Mon, Sep 28, 2009 at 1:48 PM, Joshua Brindle method@manicmethod.com wrote:
As we discussed at Linux Plumbers Conference during the 'Making SELinux Easier to Use' talk we have some document deficiencies in the SELinux project.
I volunteered to start an SELinux Documentation Project. The primary purpose of the project would be to get as much documentation as possible on the selinuxproject.org wiki, organized in a fashion that users can understand and consume easily.
As I admitted before, we, the developers, are not always the best people to judge what documentation users need, and therefore I am requesting that users, hopefully from different backgrounds and environments, tell us what documentation they feel is lacking, what questions they've been asked or have asked themselves and couldn't find documentation for.
I think we need basic documentation that tells about SELinux (both beginner and advanced), howto's for specific things (using secmark, using netlabel, etc) and a set of short 'recipes' to accomplish simple tasks.
There are documents all over the place with various information, as well as blog entries and mailing list archives but the effort here is to consolidate all those resources onto selinuxproject.org.
I'd also like to see volunteers in the community to help out with the documentation effort, I know quite a few people already write things like this on blogs, etc and it would be great to see that information moved/copied onto selinuxproject.org.
Users:
Please, if you are a user and have run into a lack of documentation, respond to this thread, or privately if you aren't comfortable talking on list, so that we can collect what the biggest deficiencies are and get to writing documentation as soon as possible.
Thanks.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list