web/html/docs/selinux-faq-fc5 index.php,1.5,1.6
Paul W. Frields (pfrields)
fedora-websites-list at redhat.com
Tue Jun 6 19:28:15 UTC 2006
Author: pfrields
Update of /cvs/fedora/web/html/docs/selinux-faq-fc5
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv18935
Modified Files:
index.php
Log Message:
Added it translation and updated en_US to newest build
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.5 -r 1.6 index.php
Index: index.php
===================================================================
RCS file: /cvs/fedora/web/html/docs/selinux-faq-fc5/index.php,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- index.php 28 Apr 2006 19:37:48 -0000 1.5
+++ index.php 6 Jun 2006 19:28:13 -0000 1.6
@@ -1,3423 +1,20 @@
<?
-
include("site.inc");
+
$template = new Page;
-$template->initCommon();
+$template->initCommon();
+
$template->displayHeader();
?>
+<h1>SELinux FAQ for Fedora Core 5</h1>
-<div class="article" lang="en">
-<div class="titlepage">
-<div>
-<div><h1 class="title">
-<a name="selinux-faq"></a>Fedora Core 5 SELinux FAQ</h1></div>
-<div><div class="authorgroup">
-<div class="author"><h3 class="author">
-<span class="firstname">Karsten</span> <span class="surname">Wade</span>
-</h3></div>
-<div class="author"><h3 class="author">
-<span class="firstname">Chad</span> <span class="surname">Sellers</span>
-</h3></div>
-</div></div>
-<div><p class="othercredit"><span class="firstname">Francesco</span> <span class="surname">Tombolini</span></p></div>
-<div><p class="copyright">Copyright © 2004, 2005 Red Hat, Inc., Karsten Wade</p></div>
-<div><p class="copyright">Copyright © 2006 Chad Sellers, Paul W. Frields</p></div>
-<div><div class="legalnotice">
-<a name="legalnotice"></a><p>
- Copyright (c) 2006 by Red Hat, Inc. and others. This material may be
- distributed only subject to the terms and conditions set forth in the Open
- Publication License, v1.0, available at <a href="http://www.opencontent.org/openpub/" target="_top">http://www.opencontent.org/openpub/</a>.
- </p>
-<p>
- Garrett LeSage created the admonition graphics (note, tip, important, caution,
- and warning). Tommy Reynolds <code class="email"><<a href="mailto:Tommy.Reynolds at MegaCoder.com">Tommy.Reynolds at MegaCoder.com</a>></code>
- created the callout graphics. They all may be freely redistributed with
- documentation produced for the Fedora Project.
-</p>
-<p>
- FEDORA, FEDORA PROJECT, and the Fedora Logo are trademarks of Red Hat, Inc.,
- are registered or pending registration in the U.S. and other countries, and
- are used here under license to the Fedora Project.
-</p>
-<p>
- Red Hat and the Red Hat "Shadow Man" logo are registered trademarks of Red Hat, Inc.
- in the United States and other countries.
-</p>
-<p>
- All other trademarks and copyrights referred to are the property of their
- respective owners.
-</p>
-</div></div>
-<div><div class="revhistory"><table border="1" width="100%" summary="Revision history">
-<tr><th align="left" valign="top" colspan="3"><b>Revision History</b></th></tr>
-<tr>
-<td align="left">Revision 1.5.6</td>
-<td align="left">2006-04-28</td>
-<td align="left">CS</td>
-</tr>
-<tr><td align="left" colspan="3">
- <p>
- Fix for bz #18727, bz#139744, bz#144696, bz#147915, and
- bz#190181; other fixes, including from
- http://fedoraproject.org/wiki/SELinux/FAQ/ProposedAdditions
- </p>
- </td></tr>
-<tr>
-<td align="left">Revision 1.5.5</td>
-<td align="left">2006-04-07</td>
-<td align="left">KW</td>
-</tr>
-<tr><td align="left" colspan="3">
- <p>
- Fix for bz #188219; legal notice fix.
- </p>
- </td></tr>
-<tr>
-<td align="left">Revision 1.5.4</td>
-<td align="left">2006-03-21</td>
-<td align="left">CS</td>
-</tr>
-<tr><td align="left" colspan="3">
- <p>
- Updated log file location for FC5 release, added targeted
- domains FAQ
- </p>
- </td></tr>
-<tr>
-<td align="left">Revision 1.5.3</td>
-<td align="left">2006-03-21</td>
-<td align="left">CS</td>
-</tr>
-<tr><td align="left" colspan="3">
- <p>
- Numerous content updates for FC5 release
- </p>
- </td></tr>
-<tr>
-<td align="left">Revision 1.5.2</td>
-<td align="left">2006-02-10</td>
-<td align="left">PWF</td>
-</tr>
-<tr><td align="left" colspan="3">
- <p>
- Make admonition more easily maintainable
- </p>
- </td></tr>
-<tr>
-<td align="left">Revision 1.5.1</td>
-<td align="left">2006-02-05</td>
-<td align="left">PWF</td>
-</tr>
-<tr><td align="left" colspan="3">
- <p>
- Style and readability editing; some element clarifications
- </p>
- </td></tr>
-<tr>
-<td align="left">Revision 1.5</td>
-<td align="left">2006-02-03</td>
-<td align="left">CS</td>
-</tr>
-<tr><td align="left" colspan="3">
- <p>
- First round of editing.
- </p>
- </td></tr>
-</table></div></div>
-</div>
-<hr>
-</div>
-<div class="toc"><dl><dt><span class="section"><a href="#sn-selinux-faq">1. SELinux Notes and FAQ</a></span></dt></dl></div>
-<div class="section" lang="en">
-<div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="sn-selinux-faq"></a>1. SELinux Notes and FAQ</h2></div></div></div>
-<p>
- The information in this FAQ is valuable for those who are new to SELinux. It
- is also valuable if you are new to the latest SELinux implementation in
- Fedora Core, since some of the behavior may be different than you have
- experienced.
- </p>
-<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Note: This FAQ is specific to Fedora Core 5">
-<tr>
-<td rowspan="2" align="center" valign="top" width="25"><img alt="[Note]" src="./stylesheet-images/note.png"></td>
-<th align="left">This FAQ is specific to Fedora Core 5</th>
-</tr>
-<tr><td align="left" valign="top"><p>
- If you are looking for the FAQ for other versions of Fedora Core, refer to
- <a href="http://fedora.redhat.com/docs/selinux-faq/" target="_top">http://fedora.redhat.com/docs/selinux-faq/</a>.
- </p></td></tr>
-</table></div>
-<p>
- For more information about how SELinux works, how to use SELinux for general
- and specific Linux distributions, and how to write policy, these resources
- are useful:
- </p>
-<div class="itemizedlist">
-<a name="external-link-list"></a><p class="title"><b>External Link List</b></p>
-<ul type="disc">
-<li><p>
- NSA SELinux main website — <a href="http://www.nsa.gov/selinux/" target="_top">http://www.nsa.gov/selinux/</a>
- </p></li>
-<li><p>
- NSA SELinux FAQ — <a href="http://www.nsa.gov/selinux/info/faq.cfm" target="_top">http://www.nsa.gov/selinux/info/faq.cfm</a>
- </p></li>
-<li><p>
- SELinux community page — <a href="http://selinux.sourceforge.net" target="_top">http://selinux.sourceforge.net</a>
- </p></li>
-<li><p>
- UnOfficial FAQ — <a href="http://www.crypt.gen.nz/selinux/faq.html" target="_top">http://www.crypt.gen.nz/selinux/faq.html</a>
- </p></li>
-<li><p>
- Writing traditional SE Linux policy HOWTO — <a href="https://sourceforge.net/docman/display_doc.php?docid=21959&group_id=21266" target="_top">https://sourceforge.net/docman/display_doc.php?docid=21959&group_id=21266</a>
- </p></li>
-<li><p>
- Reference Policy (the new policy found in Fedora Core 5) — <a href="http://serefpolicy.sourceforge.net/" target="_top">http://serefpolicy.sourceforge.net/</a>
- </p></li>
-<li><p>
- SELinux policy development training courses — <a href="http://tresys.com/services/training.shtml" target="_top">http://tresys.com/services/training.shtml</a> and <a href="https://www.redhat.com/training/security/courses/rhs429.html" target="_top">https://www.redhat.com/training/security/courses/rhs429.html</a>
- </p></li>
-<li><p>
- Getting Started with SE Linux HOWTO: the new SE Linux (Debian) —
- <a href="https://sourceforge.net/docman/display_doc.php?docid=20372&group_id=21266" target="_top">https://sourceforge.net/docman/display_doc.php?docid=20372&group_id=21266</a>
- </p></li>
-<li><p>
- List of SELinux object classes and permissions —
- <a href="http://tresys.com/selinux/obj_perms_help.shtml" target="_top">http://tresys.com/selinux/obj_perms_help.shtml</a>
- </p></li>
[...3038 lines suppressed...]
- For files, <code class="computeroutput">relabelfrom</code> means "Can
- domain D relabel a file from (i.e. currently in) type T1?" and
- <code class="computeroutput">relabelto</code> means "Can domain D
- relabel a file to type T2?", so both checks are applied upon a
- file relabeling, where T1 is the original type of the type and T2
- is the new type specified by the program.
- </p>
-<p>
- Useful documents to look at:
- </p>
-<div class="itemizedlist"><ul type="disc">
-<li><p>
- Object class and permission summary by Tresys <a href="http://tresys.com/selinux/obj_perms_help.shtml" target="_top">http://tresys.com/selinux/obj_perms_help.shtml</a>
- </p></li>
-<li><p>
- Implementing SELinux as an LSM technical report (describes
- permission checks on a per-hook basis) <a href="http://www.nsa.gov/selinux/papers/module-abs.cfm" target="_top">http://www.nsa.gov/selinux/papers/module-abs.cfm</a>.
- This is also available in the selinux-doc package
- (and more up-to-date there).
- </p></li>
-<li><p>
- Integrating Flexible Support for Security Policies into the
- Linux Operating System - technical report (describes original
- design and implementation, including summary tables of
- classes, permissions, and what permission checks are applied
- to what system calls. It is not entirely up-to-date with
- current implementation, but a good resource nonetheless).
- <a href="http://www.nsa.gov/selinux/papers/slinux-abs.cfm" target="_top">http://www.nsa.gov/selinux/papers/slinux-abs.cfm</a>
- </p></li>
-</ul></div>
-</td>
-</tr>
-<tr class="qandadiv"><td align="left" valign="top" colspan="2">
-<a name="faq-div-deploying-selinux"></a><h4 class="title">
-<a name="faq-div-deploying-selinux"></a>1.4. Deploying SELinux</h4>
-</td></tr>
-<tr class="toc" colspan="2"><td align="left" valign="top" colspan="2"><dl>
-<dt>Q: <a href="#id2961714">
- What file systems can I use for SELinux?
- </a>
-</dt>
-<dt>Q: <a href="#id2961748">
- How does SELinux impact system performance?
- </a>
-</dt>
-<dt>Q: <a href="#id2961779">
- What types of deployments, applications, and systems should I
- leverage SELinux in?
- </a>
-</dt>
-<dt>Q: <a href="#id2961848">
- How does SELinux affect third-party applications?
- </a>
-</dt>
-</dl></td></tr>
-<tr class="question">
-<td align="left" valign="top">
-<a name="id2961714"></a><a name="id2961717"></a><b>Q:</b>
-</td>
-<td align="left" valign="top"><p>
- What file systems can I use for SELinux?
- </p></td>
-</tr>
-<tr class="answer">
-<td align="left" valign="top"><b>A:</b></td>
-<td align="left" valign="top">
-<p>
- The file system must support
- <code class="computeroutput">xattr</code> labels in the right
- <em class="parameter"><code>security.*</code></em> namespace. In addition to
- ext2/ext3, XFS has recently added support for the necessary
- labels.
- </p>
-<p>
- Note that XFS SELinux support is broken in upstream kernel
- 2.6.14 and 2.6.15, but fixed (worked around)
- in 2.6.16. Your kernel must include this fix if
- you choose to use XFS with SELinux.
- </p>
-</td>
-</tr>
-<tr class="question">
-<td align="left" valign="top">
-<a name="id2961748"></a><a name="id2961756"></a><b>Q:</b>
-</td>
-<td align="left" valign="top"><p>
- How does SELinux impact system performance?
- </p></td>
-</tr>
-<tr class="answer">
-<td align="left" valign="top"><b>A:</b></td>
-<td align="left" valign="top"><p>
- This is a variable that is hard to measure, and is heavily
- dependent on the tuning and usage of the system running SELinux.
- When performance was last measured, the impact was around 7% for
- completely untuned code. Subsequent changes in system components
- such as networking are likely to have made that worse in some
- cases. SELinux performance tuning continues to be a priority of the
- development team.
- </p></td>
-</tr>
-<tr class="question">
-<td align="left" valign="top">
-<a name="id2961779"></a><a name="id2961782"></a><b>Q:</b>
-</td>
-<td align="left" valign="top"><p>
- What types of deployments, applications, and systems should I
- leverage SELinux in?
- </p></td>
-</tr>
-<tr class="answer">
-<td align="left" valign="top"><b>A:</b></td>
-<td align="left" valign="top">
-<p>
- Initially, SELinux has been used on Internet facing servers that are
- performing a few specialized functions, where it is critical to
- keep extremely tight security. Administrators typically strip
- such a box of all extra software and services, and run a very
- small, focused set of services. A Web server or mail server is a
- good example.
- </p>
-<p>
- In these edge servers, you can lock down the policy very tightly.
- The smaller number of interactions with other components makes
- such a lock down easier. A dedicated system running a specialized
- third-party application would also be a good candidate.
- </p>
-<p>
- In the future, SELinux will be targeted at all environments. In
- order to achieve this goal, the community and
- <em class="firstterm">independent software vendors</em>
- (<span class="abbrev">ISV</span>s) must work with the SELinux developers to
- produce the necessary policy. So far, a very restrictive
- <em class="firstterm">strict policy</em> has been written, as well as
- a <em class="firstterm">targeted policy</em> that focuses on specific,
- vulnerable daemons.
- </p>
-<p>For more information about these policies, refer to <a href="#qa-whatis-policy">What is SELinux policy?</a> and <a href="#qa-whatis-targeted-policy">What is the SELinux targeted policy?</a>.
- </p>
-</td>
-</tr>
-<tr class="question">
-<td align="left" valign="top">
-<a name="id2961848"></a><a name="id2961850"></a><b>Q:</b>
-</td>
-<td align="left" valign="top"><p>
- How does SELinux affect third-party applications?
- </p></td>
-</tr>
-<tr class="answer">
-<td align="left" valign="top"><b>A:</b></td>
-<td align="left" valign="top">
-<p>
- One goal of implementing a targeted SELinux policy in Fedora Core is to
- allow third-party applications to work without modification. The
- targeted policy is transparent to those unaddressed applications,
- and it falls back on standard Linux DAC security. These
- applications, however, will not be running in an extra-secure
- manner. You or another provider must write policy to protect these
- applications with MAC security.
- </p>
-<p>
- It is impossible to predict how every third-party application
- might behave with SELinux, even running the targeted policy. You
- may be able to fix issues that arise by changing the policy. You
- may find that SELinux exposes previously unknown security issues
- with your application. You may have to modify the application to
- work under SELinux.
- </p>
-<p>
- Note that with the addition of <a href="#faq-entry-whatare-policy-modules">Policy Modules</a>, it is now possible
- for third-party developers to include policy modules with their
- application. If you are a third-party developer or a
- package-maintainer, please consider including a policy module
- in your package. This will allow you to secure the behavior
- of your application with the power of SELinux for any user
- installing your package.
- </p>
-<p>
- One important value that Fedora Core testers and users bring to the
- community is extensive testing of third-party applications. With
- that in mind, please bring your experiences to the appropriate
- mailing list, such as the fedora-selinux list, for discussion. For
- more information about that list, refer to <a href="http://www.redhat.com/mailman/listinfo/fedora-selinux-list/" target="_top">http://www.redhat.com/mailman/listinfo/fedora-selinux-list/</a>.
- </p>
-</td>
-</tr>
-</tbody>
-</table>
-</div>
-</div>
-</div>
+<p><a href="en_US/">en_US</a> | <a href="it/">it</a></p>
<?
$template->displayFooter('$Date$');
?>
-
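Review bot: Existing links into this page by fragment (index.php#sn-selinux-faq, index.php#faq-div-deploying-selinux, the per-question id2961714-style targets) will stop resolving, because the removed block defined those named anchors and the added lines near the end of the hunk, <h1>SELinux FAQ for Fedora Core 5</h1> and <p><a href="en_US/">en_US</a> | <a href="it/">it</a></p>, provide no equivalent. Consider saying in the log message that the FAQ body now lives under en_US/ and it/, or having index.php forward to a default locale, so inbound links are not silently broken. The chooser's link text is the raw locale code; readable labels such as "English" and "Italiano", with hreflang attributes, would be clearer for readers. The -$template->initCommon(); / +$template->initCommon(); pair reads as a whitespace-only change in what is shown; if so, it is better kept out of a content commit.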