1:33 p.m.
So I volunteered (!?!?!) to give a presentation on SELinux for my
midtem project.
At the time I thought 'cool, how hard can this be.' (ok, you can stop
laughing now)
So now I'm a bit panic'd. I picked up the Oreilly's book and the other
one SELinux by example.
The pickle I'm in is that the class is using FC5 and both books were
written for earlier versions and its befuddling me.
So I thought I would beg on this list for a few examples I could present
to the class on how to do some basic policy stuff.
Like here is a new widget and this is how you modify permissions to make
it work, yada yada. Nothing major just simple stuff like that. (I will
touch on the targeted policy for the big daemons/services but I wanted
to show how you might tackle a problem that was not part of the targeted
list.)
I have been reading everything I can find on FC5/SELinux but I've just
run out of time.
So any help would be appreciated, and FWIW, I really dig this stuff. :)
Sean
4:51 p.m.
Leffler, Sean wrote:
So I volunteered (!?!?!) to give a presentation on SELinux for my
midtem project.
At the time I thought 'cool, how hard can this be.' (ok, you can stop
laughing now)
http://fedora.redhat.com/docs/selinux-faq-fc5/
"audit2allow -M local.te" is your friend, or enemy if misused.
Also make sure you "yum install checkpolicy", so this works as
expected...
So now I'm a bit panic'd. I picked up the Oreilly's book and the other
one SELinux by example.
The pickle I'm in is that the class is using FC5 and both books were
written for earlier versions and its befuddling me.
So I thought I would beg on this list for a few examples I could
present to the class on how to do some basic policy stuff.
Like here is a new widget and this is how you modify permissions to
make it work, yada yada. Nothing major just simple stuff like that. (I
will touch on the targeted policy for the big daemons/services but I
wanted to show how you might tackle a problem that was not part of the
targeted list.)
I have been reading everything I can find on FC5/SELinux but I've just
run out of time.
So any help would be appreciated, and FWIW, I really dig this stuff. :)
Sean
------------------------------------------------------------------------
--
fedora-selinux-list mailing list
fedora-selinux-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
7:50 a.m.
On Sun, 2006-11-05 at 12:33 -0700, Leffler, Sean wrote:
So I volunteered (!?!?!) to give a presentation on SELinux for my
midtem project.
At the time I thought 'cool, how hard can this be.' (ok, you can stop
laughing now)
So now I'm a bit panic'd. I picked up the Oreilly's book and the other
one SELinux by example.
The pickle I'm in is that the class is using FC5 and both books were
written for earlier versions and its befuddling me.
The O'Reilly book is old (written during FC2 development, IIRC), but the
SELinux by Example book is quite recent and included material on both
the older approach (example policy, monolithic) and the newer approach
incorporated into FC5 (reference policy, modular).
So I thought I would beg on this list for a few examples I could
present to the class on how to do some basic policy stuff.
Like here is a new widget and this is how you modify permissions to
make it work, yada yada. Nothing major just simple stuff like that. (I
will touch on the targeted policy for the big daemons/services but I
wanted to show how you might tackle a problem that was not part of the
targeted list.)
I have been reading everything I can find on FC5/SELinux but I've just
run out of time.
So any help would be appreciated, and FWIW, I really dig this
stuff. :)
http://fedoraproject.org/wiki/SELinux/
http://fedora.redhat.com/docs/selinux-faq-fc5/
You want to install selinux-policy-devel and checkpolicy to build
loadable policy modules. /usr/share/selinux/devel/policygentool is a
simple script for creating an initial stub for a policy module.
audit2allow is a tool for blindly generating policy from audit messages,
but you obviously want to exert care in using it. If you like IDEs,
then you might try SLIDE,
http://oss.tresys.com/projects/slide
--
Stephen Smalley
National Security Agency
8:31 a.m.
Thanks guys.
I just d/l slide; probably a bit much for my class to deal with at the
moment, but I think I will enjoy using it in the future.
Fortunately I only need to give a 30 minute presentation so I should be
able to meander my way through it.
Thanks again,
Sean
6373
days inactive
6375
days old
selinux@lists.fedoraproject.org
3 comments
3 participants
participants (3)
-
Leffler, Sean -
Richard Irving -
Stephen Smalley