I googled-out this document for writing selinux-aware software application, but can't find any of a link from RedHat.
Does this document exist? Besides, is there any tutorial for writing selinux-aware programs?
I have read "Red Hat SELinux Guide", NSA "Implementing SELinux as a Linux Security Module," ... and some other documents about writing selinux policy.
But still don't get it how to write such a program. Please give me some directions. Thx.
On Wed, 2006-08-30 at 19:06 +0800, Benjamin Tsai wrote:
> I googled-out this document for writing selinux-aware software application, but can’t find any of a link from RedHat.
> Does this document exist? Besides, is there any tutorial for writing selinux-aware programs?
> I have read “Red Hat SELinux Guide”, NSA “Implementing SELinux as a Linux Security Module,” … and some other documents about writing selinux policy.
> But still don’t get it how to write such a program. Please give me some directions. Thx.
I don't think that such a guide was ever written, although Red Hat did contribute numerous individual man pages for libselinux functions (and other SELinux components).
selinux-doc/PORTING (installed to /usr/share/doc/selinux-doc-x.y/PORTING) was a short summary of changes in the SELinux API for people porting code from the old (pre-2.6) SELinux to the new API. While written to a different audience, that document may be helpful to you.
SELinux-aware applications fall into different categories; some of them are simply aware of security contexts (e.g. to get or set security contexts of processes or objects, to preserve security contexts on objects), some of them are using the SELinux API to get finer-grained protection than one can achieve via policy configuration alone, some of them are using the SELinux API to get policy decisions to enforce security policy over their own userspace objects and operations. You'll find examples throughout Fedora, plus the libselinux utils and policycoreutils included in the core SELinux userland.
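An added example, not part of the original thread or of any Red Hat document, for the first category above: a program that is only aware of security contexts and preserves them on objects. It uses the `security.selinux` extended attribute directly so that it builds without libselinux; a real application would normally call `getfilecon(3)` and `setfilecon(3)`, which wrap this attribute. The names `secctx`, `parse_context`, `file_context` and `copy_context` are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/xattr.h>

#define SELINUX_XATTR "security.selinux"  /* xattr that holds a file's context */

struct secctx { char user[64], role[64], type[64], range[128]; };

/* Split "user:role:type[:range]". The MLS range may contain ':' itself
 * (e.g. "s0:c1,c2"), so only the first three colons separate fields.
 * Returns 0 on success, -1 on a malformed or oversized context. */
int parse_context(const char *ctx, struct secctx *out) {
    char *dst[] = { out->user, out->role, out->type };
    memset(out, 0, sizeof *out);
    for (int i = 0; i < 3; i++) {
        size_t n = strcspn(ctx, ":");
        if (n == 0 || n >= sizeof out->user) return -1;
        memcpy(dst[i], ctx, n);
        ctx += n;
        if (*ctx == ':') ctx++;
        else if (i < 2) return -1;      /* user, role and type are mandatory */
    }
    if (strlen(ctx) >= sizeof out->range) return -1;
    strcpy(out->range, ctx);            /* stays empty on a non-MLS policy */
    return 0;
}

/* Read a file's context into buf; returns 0, or -1 if it cannot be read
 * (no label, no xattr support, missing file). */
int file_context(const char *path, char *buf, size_t len) {
    ssize_t n = getxattr(path, SELINUX_XATTR, buf, len - 1);
    if (n < 0) return -1;
    buf[n] = '\0';
    return 0;
}

/* Preserve the label when a tool copies src to dst; the context is stored
 * together with its terminating NUL. Returns 0 on success, -1 on failure. */
int copy_context(const char *src, const char *dst) {
    char ctx[256];
    if (file_context(src, ctx, sizeof ctx) < 0) return -1;
    return setxattr(dst, SELINUX_XATTR, ctx, strlen(ctx) + 1, 0);
}

int main(int argc, char **argv) {
    char ctx[256]; struct secctx c;
    if (argc > 1 && file_context(argv[1], ctx, sizeof ctx) == 0 && parse_context(ctx, &c) == 0)
        printf("%s type=%s range=%s\n", argv[1], c.type, c.range);
    return 0;
}
```

Setting the attribute is itself subject to policy, so `copy_context` can fail with a permission error on an enforcing system even when the read succeeded.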
On Wednesday 30 August 2006 21:57, Stephen Smalley wrote:
> On Wed, 2006-08-30 at 19:06 +0800, Benjamin Tsai wrote:
> > I googled-out this document for writing selinux-aware software application, but can’t find any of a link from RedHat.
> > Does this document exist? Besides, is there any tutorial for writing selinux-aware programs?
> > I have read “Red Hat SELinux Guide”, NSA “Implementing SELinux as a Linux Security Module,” … and some other documents about writing selinux policy.
> > But still don’t get it how to write such a program. Please give me some directions. Thx.
> I don't think that such a guide was ever written, although Red Hat did contribute numerous individual man pages for libselinux functions (and other SELinux components).
> selinux-doc/PORTING (installed to /usr/share/doc/selinux-doc-x.y/PORTING) was a short summary of changes in the SELinux API for people porting code from the old (pre-2.6) SELinux to the new API. While written to a different audience, that document may be helpful to you.
> SELinux-aware applications fall into different categories; some of them are simply aware of security contexts (e.g. to get or set security contexts of processes or objects, to preserve security contexts on objects), some of them are using the SELinux API to get finer-grained protection than one can achieve via policy configuration alone, some of them are using the SELinux API to get policy decisions to enforce security policy over their own userspace objects and operations. You'll find examples throughout Fedora, plus the libselinux utils and policycoreutils included in the core SELinux userland.
I've contacted Karsten Wade who was listed as the author of this and am waiting to hear. I didn't see it in any of the listed works in our current repo.
selinux@lists.fedoraproject.org