On Tue, 2007-08-07 at 13:56 -0400, Mark wrote:
Thanks for the help. I just want to become more familiar with SE
Linux and understand the context of the te, fe, if..etc files and how
I can modify them so that my programs are more secure. There just
seems to be alot of information that may or may not be related in
order to help me. For instance, there is the seedit tools, SLIDE and
RedHat tools available. Also, which is a better distribution to learn
SE Linux, CentOS or Fedora Core?
Fedora Core tracks the latest SELinux developments more closely.
The reference policy documentation should help you, online at
http://oss.tresys.com/projects/refpolicy/wiki/Documentation and if you
have selinux-policy installed, locally available docs
under /usr/share/doc/selinux-policy-x.y.z/.
SLIDE is an eclipse plugin that leverages reference policy and provides
the typical IDE-style auto-completion, interface lookup, wizards for
constructing domains, etc. Useful if you are ok working in an IDE.
SEEdit is more about hiding the underlying abstractions and presenting a
very simple UI. Requires switching to its own policy entirely, away
from the stock policy.
I am an application developer who really just needs to learn how to
write policies for the programs I am developing. Things like
policies, domains and domain transition are important areas I really
want to learn.
There are a number of resources, e.g. see
http://selinux.sourceforge.net/resources.php3 , but many of them predate
the reference policy. Reference policy documentation and SLIDE are your
best bets right now, along with the book.
--
Stephen Smalley
National Security Agency