Starting a SELinux documentation project is a fantastic idea, and is truly much needed!

I am two months new to SELinux, and have literally put together an 8 inch binder of documentation from what I would estimate to be 50-70 different sources.

Areas of deficiencies that I think could use more documentation include:

1) Current description of all objects and classes supported by SELinux

2) Simple 'getting started' policy module examples to help explain things such as creating new types/domains and working with domain transitions, explanation of how testing through a SSH shell can give you different results than from testing at the console, and networking examples: restricting access to sockets, denying access to specific network interfaces, details explaining why one would use macros in policy, simple MLS getting started examples.

3) Explanation of how SELinux can be different between various Linux distros (such as how enabling the SELinux strict policy causes RHEL 5.3 not to boot, how MLS does not support X in Fedora and other distros, why Fedora is the latest development version, and how there seem to be a lot of older tools for SELinux that have been superseded by utilities such as semanage.

4) Tutorials showing how to use SLIDE

5) Explanation of when users and roles are used and not used (for example, how their use can be different between files and processes).

6) Examples of how to test the robustness of SELinux configurations. (for example, try to access files and processes as root to see permission denied errors)

On Mon, Sep 28, 2009 at 1:48 PM, Joshua Brindle <> wrote:
As we discussed at Linux Plumbers Conference during the 'Making SELinux Easier to Use" talk we have some document deficiencies in the SELinux project.

I volunteered to start an SELinux Documentation Project. The primary purpose of the project would be to get as much documentation as possible on the wiki, organized in a fashion that users can understand and consume easily.

As I admitted before, we, the developers, are not always the best people to judge what documentation users need and therefore am requesting users, hopefully from different backgrounds and environments, tell us what documentation they feel is lacking, what questions they've been asked or have asked themselves and couldn't find documentation for.

I think we need basic documentation that tells about SELinux (both beginner and advanced), howto's for specific things (using secmark, using netlabel, etc) and a set of short 'recipes' to accomplish simple tasks.

There are documents all over the place with various information, as well as blog entries and mailing list archives but the effort here is to consolidate all those resources onto

I'd also like to see volunteers in the community to help out with the documentation effort, I know quite a few people already write things like this on blogs, etc and it would be great to see that information moved/copied onto


Please, if you are a user and have run in to lack of documentation respond to this thread, or privately if you aren't comfortable talking on list so that we can collect what the biggest deficiencies are and get to writing documentation as soon as possible.


fedora-selinux-list mailing list