beginner to SE Linux policy
Stephen Smalley
sds at tycho.nsa.gov
Tue Aug 7 19:19:07 UTC 2007
On Tue, 2007-08-07 at 13:56 -0400, Mark wrote:
> Thanks for the help. I just want to become more familiar with SE
> Linux and understand the context of the te, fe, if..etc files and how
> I can modify them so that my programs are more secure. There just
> seems to be alot of information that may or may not be related in
> order to help me. For instance, there is the seedit tools, SLIDE and
> RedHat tools available. Also, which is a better distribution to learn
> SE Linux, CentOS or Fedora Core?
Fedora Core tracks the latest SELinux developments more closely.
The reference policy documentation should help you, online at
http://oss.tresys.com/projects/refpolicy/wiki/Documentation and if you
have selinux-policy installed, locally available docs
under /usr/share/doc/selinux-policy-x.y.z/.
SLIDE is an eclipse plugin that leverages reference policy and provides
the typical IDE-style auto-completion, interface lookup, wizards for
constructing domains, etc. Useful if you are ok working in an IDE.
SEEdit is more about hiding the underlying abstractions and presenting a
very simple UI. Requires switching to its own policy entirely, away
from the stock policy.
> I am an application developer who really just needs to learn how to
> write policies for the programs I am developing. Things like
> policies, domains and domain transition are important areas I really
> want to learn.
There are a number of resources, e.g. see
http://selinux.sourceforge.net/resources.php3 , but many of them predate
the reference policy. Reference policy documentation and SLIDE are your
best bets right now, along with the book.
--
Stephen Smalley
National Security Agency
More information about the selinux
mailing list