Red Hat SELinux Application Development Guide?

David O'Brien daobrien at redhat.com
Thu Aug 31 07:50:47 UTC 2006 

On Wednesday 30 August 2006 21:57, Stephen Smalley wrote:
> On Wed, 2006-08-30 at 19:06 +0800, Benjamin Tsai wrote:
> > I googled-out this document for writing selinux-aware software
> > application, but can’t find any of a link from RedHat.
> >
> > Does this document exist? Besides, is there any tutorial for writing
> > selinux-aware programs?
> >
> > I have read “Red Hat SELinux Guide”, NSA “Implementing SELinux as a
> > Linux Security Module,” … and some other documents about writing
> > selinux policy.
> >
> > But still don’t get it how to write such a program. Please give me
> > some directions. Thx.
>
> I don't think that such a guide was ever written, although Red Hat did
> contribute numerous individual man pages for libselinux functions (and
> other SELinux components).
>
> selinux-doc/PORTING (installed
> to /usr/share/doc/selinux-doc-x.y/PORTING) was a short summary of
> changes in the SELinux API for people porting code from the old
> (pre-2.6) SELinux to the new API.  While written to a different
> audience, that document may be helpful to you.
>
> SELinux-aware applications fall into different categories; some of them
> are simply aware of security contexts (e.g. to get or set security
> contexts of processes or objects, to preserve security contexts on
> objects), some of them are using the SELinux API to get finer-grained
> protection than one can achieve via policy configuration alone, some of
> them are using the SELinux API to get policy decisions to enforce
> security policy over their own userspace objects and operations.  You'll
> find examples throughout Fedora, plus the libselinux utils and
> policycoreutils included in the core SELinux userland.

I've contacted Karsten Wade who was listed as the author of this and am 
waiting to hear. I didn't see it in any of the listed works in our current 
repo.

-- 
David O'Brien
Red Hat Asia Pacific Pty Ltd

Tel:  +61-7-3514-8189
Fax: +61-7-3514-8199

email: daobrien at redhat.com
web: http://apac.redhat.com/
IRC: daobrien #docs #selinux #devel #doc-i18n

More information about the fedora-selinux-list mailing list