Starting a SELinux documentation project is a fantastic idea, and is truly
much needed!
I am two months new to SELinux, and have literally put together an 8 inch
binder of documentation from what I would estimate to be 50-70 different
sources.
Areas of deficiencies that I think could use more documentation include:
1) Current description of all objects and classes supported by SELinux
2) Simple 'getting started' policy module examples to help explain things
such as creating new types/domains and working with domain transitions,
explanation of how testing through a SSH shell can give you different
results than from testing at the console, and networking examples:
restricting access to sockets, denying access to specific network
interfaces, details explaining why one would use macros in policy, simple
MLS getting started examples.
3) Explanation of how SELinux can be different between various Linux distros
(such as how enabling the SELinux strict policy causes RHEL 5.3 not to boot,
how MLS does not support X in Fedora and other distros, why Fedora is the
latest development version, and how there seem to be a lot of older tools
for SELinux that have been superseded by utilities such as semanage).
4) Tutorials showing how to use SLIDE
5) Explanation of when users and roles are used and not used (for example,
how their use can be different between files and processes).
6) Examples of how to test the robustness of SELinux configurations. (for
example, try to access files and processes as root to see permission denied
errors)
On Mon, Sep 28, 2009 at 1:48 PM, Joshua Brindle <method(a)manicmethod.com> wrote:
As we discussed at Linux Plumbers Conference during the 'Making SELinux
Easier to Use' talk we have some document deficiencies in the SELinux
project.
I volunteered to start an SELinux Documentation Project. The primary
purpose of the project would be to get as much documentation as possible on
the selinuxproject.org wiki, organized in a fashion that users can
understand and consume easily.
As I admitted before, we, the developers, are not always the best people to
judge what documentation users need, and therefore I am requesting that users,
hopefully from different backgrounds and environments, tell us what
documentation they feel is lacking, what questions they've been asked or
have asked themselves and couldn't find documentation for.
I think we need basic documentation that tells about SELinux (both beginner
and advanced), howto's for specific things (using secmark, using netlabel,
etc) and a set of short 'recipes' to accomplish simple tasks.
There are documents all over the place with various information, as well as
blog entries and mailing list archives, but the effort here is to consolidate
all those resources onto selinuxproject.org.
I'd also like to see volunteers in the community to help out with the
documentation effort. I know quite a few people already write things like
this on blogs, etc. and it would be great to see that information
moved/copied onto selinuxproject.org.
Users:
Please, if you are a user and have run into a lack of documentation, respond
to this thread, or privately if you aren't comfortable talking on list, so
that we can collect what the biggest deficiencies are and get to writing
documentation as soon as possible.
Thanks.
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list