On Wednesday 30 August 2006 21:57, Stephen Smalley wrote:
On Wed, 2006-08-30 at 19:06 +0800, Benjamin Tsai wrote:
> I googled-out this document for writing selinux-aware software
> application, but can’t find any of a link from RedHat.
> Does this document exist? Besides, is there any tutorial for writing
> selinux-aware programs?
> I have read “Red Hat SELinux Guide”, NSA “Implementing SELinux as a
> Linux Security Module,” … and some other documents about writing
> selinux policy.
> But still don’t get it how to write such a program. Please give me
> some directions. Thx.
I don't think that such a guide was ever written, although Red Hat did
contribute numerous individual man pages for libselinux functions (and
other SELinux components).
to /usr/share/doc/selinux-doc-x.y/PORTING) was a short summary of
changes in the SELinux API for people porting code from the old
(pre-2.6) SELinux to the new API. While written to a different
audience, that document may be helpful to you.
SELinux-aware applications fall into different categories; some of them
are simply aware of security contexts (e.g. to get or set security
contexts of processes or objects, to preserve security contexts on
objects), some of them are using the SELinux API to get finer-grained
protection than one can achieve via policy configuration alone, some of
them are using the SELinux API to get policy decisions to enforce
security policy over their own userspace objects and operations. You'll
find examples throughout Fedora, plus the libselinux utils and
policycoreutils included in the core SELinux userland.
I've contacted Karsten Wade who was listed as the author of this and am
waiting to hear. I didn't see it in any of the listed works in our current
Red Hat Asia Pacific Pty Ltd
IRC: daobrien #docs #selinux #devel #doc-i18n