[Bug 1180142] New: issues in the introduction of selinux-user-guide

bugzilla at redhat.com bugzilla at redhat.com
Thu Jan 8 13:34:35 UTC 2015


https://bugzilla.redhat.com/show_bug.cgi?id=1180142

            Bug ID: 1180142
           Summary: issues in the introduction of selinux-user-guide
           Product: Fedora Documentation
           Version: devel
         Component: selinux-user-guide
          Assignee: mprpic at redhat.com
          Reporter: nmavrogi at redhat.com
        QA Contact: docs-qa at lists.fedoraproject.org
                CC: mprpic at redhat.com, pkennedy at redhat.com,
                    zach at oglesby.co



[Originally sent to authors of the document]

I was trying to understand SELinux using that guide, and had quite some issues
with the introduction. I am sending you my issues in the hope they will help to
improve the text.

-------------------------------------------------------------
Chapter 2. Introduction to SELinux:
I couldn't really understand what SELinux is based on this section. It
says it is a mandatory access control mechanism, and then it goes to
length explaining the 'Discretionary Access Control (DAC) system' used
typically in Linux. That's nice if you already know what SELinux is,
because you can see the difference, but it is the opposite of what I'd
expect at the moment, since I have no idea what SELinux is.

My suggestion would be to add the description I saw in
https://www.imperialviolet.org/2009/07/14/selinux.html

"SELinux is fundamentally about answering questions of the form “May x
do y to z?” and enforcing the result (x is subject, z is object) ...

The action (y) boils down to a class and a permission. Each class can
have up to 32 permissions (because they are stored as a bitmask in a
32-bit int). Examples of classes are FILE, TCP_SOCKET and X_EVENT. For
the FILE class, some examples of permissions are READ, WRITE, LOCK etc."

At least for me that was all the information that I needed to understand
what I can do with SELinux. A complete picture may require going into a
bit more length explaining what can be a subject, an object and
actions. Then mentioning MAC and explaining it in addition to DAC
will be more natural IMO.

---------------------------------------------------------------------
2.1. Benefits of running SELinux

This section vaguely defines domain. I reached "3.1. Domain
Transitions" and didn't know what a domain was.

Maybe add a definition of domain in 3.1 or earlier in the introduction.

---------------------------------------------------------------------
Chapter 3. SELinux Contexts

level:
It explains that in Fedora there is a single sensitivity and multiple
categories. I am missing what these categories are intended to be used
for. An example with two different categories would be helpful.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
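
The "May x do y to z?" model quoted in the report, as an added example that is not part of the original message or of the SELinux code base: a toy decision table in which each (subject, object, class) rule carries a 32-bit permission mask and a request is granted only if every requested bit is allowed. The type names (web_t, web_content_t, web_log_t), the bit positions and the helpers allowed_mask() and may() are constructed for illustration; real permission values come from the loaded policy.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed class ids and permission bits (not SELinux's real values). */
enum { CLASS_FILE, CLASS_TCP_SOCKET };
#define FILE_READ  (UINT32_C(1) << 0)
#define FILE_WRITE (UINT32_C(1) << 1)
#define FILE_LOCK  (UINT32_C(1) << 2)

/* One allow rule: subject x may use the permissions in 'allowed' on object z. */
struct rule { const char *subject, *object; int cls; uint32_t allowed; };

/* Constructed sample policy; anything not listed is denied. */
static const struct rule policy[] = {
    { "web_t", "web_content_t", CLASS_FILE, FILE_READ | FILE_LOCK },
    { "web_t", "web_log_t",     CLASS_FILE, FILE_WRITE },
};

/* Union of the permission bits every matching rule grants; 0 if none match. */
uint32_t allowed_mask(const char *x, const char *z, int cls)
{
    uint32_t mask = 0;
    for (size_t i = 0; i < sizeof policy / sizeof policy[0]; i++)
        if (policy[i].cls == cls && strcmp(policy[i].subject, x) == 0 &&
            strcmp(policy[i].object, z) == 0)
            mask |= policy[i].allowed;
    return mask;
}

/* "May x do y to z?": y is a class plus a set of requested permission bits.
 * Granted only when all requested bits are present in the allowed mask. */
int may(const char *x, const char *z, int cls, uint32_t requested)
{
    return requested != 0 && (allowed_mask(x, z, cls) & requested) == requested;
}

int main(void)
{
    printf("read content:       %d\n", may("web_t", "web_content_t", CLASS_FILE, FILE_READ));
    printf("read+write content: %d\n", may("web_t", "web_content_t", CLASS_FILE, FILE_READ | FILE_WRITE));
    printf("write log:          %d\n", may("web_t", "web_log_t", CLASS_FILE, FILE_WRITE));
    printf("read unlisted type: %d\n", may("web_t", "other_t", CLASS_FILE, FILE_READ));
    return 0;
}
```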