On Sun, 2006-11-05 at 12:33 -0700, Leffler, Sean wrote:
So I volunteered (!?!?!) to give a presentation on SELinux for my
midtem project.
At the time I thought 'cool, how hard can this be.' (ok, you can stop
laughing now)
So now I'm a bit panic'd. I picked up the Oreilly's book and the other
one SELinux by example.
The pickle I'm in is that the class is using FC5 and both books were
written for earlier versions and its befuddling me.
The O'Reilly book is old (written during FC2 development, IIRC), but the
SELinux by Example book is quite recent and included material on both
the older approach (example policy, monolithic) and the newer approach
incorporated into FC5 (reference policy, modular).
So I thought I would beg on this list for a few examples I could
present to the class on how to do some basic policy stuff.
Like here is a new widget and this is how you modify permissions to
make it work, yada yada. Nothing major just simple stuff like that. (I
will touch on the targeted policy for the big daemons/services but I
wanted to show how you might tackle a problem that was not part of the
targeted list.)
I have been reading everything I can find on FC5/SELinux but I've just
run out of time.
So any help would be appreciated, and FWIW, I really dig this
stuff. :)
http://fedoraproject.org/wiki/SELinux/
http://fedora.redhat.com/docs/selinux-faq-fc5/
You want to install selinux-policy-devel and checkpolicy to build
loadable policy modules. /usr/share/selinux/devel/policygentool is a
simple script for creating an initial stub for a policy module.
audit2allow is a tool for blindly generating policy from audit messages,
but you obviously want to exert care in using it. If you like IDEs,
then you might try SLIDE,
http://oss.tresys.com/projects/slide
--
Stephen Smalley
National Security Agency