git + Fedora 11 kernel
William Case
billlinux at rogers.com
Wed Jul 22 23:24:47 UTC 2009
On Wed, 2009-07-22 at 19:13 -0400, Todd Zullinger wrote:
> William Case wrote:
> > What I want to do is trace the implementation of SELinux; its
> > modules; initiation; hooks etc. in Fedora. The Kernel.org version I
> > have doesn't show SELinux coding.
>
> Hmm, it should, as it is in the mainline kernel these days. I
> couldn't tell you much, but I think the kernel parts of selinux are
> found in security/selinux within the kernel source. From the kernel
> git tree:
>
> http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6-stable.git;a=tree;f=security/selinux;hb=HEAD
>
Thanks Todd.
> > I have been running SELinux in the last few versions of Fedora in
> > permissive or disabled mode just to get it out of the way. In F11,
> > I thought I would climb the learning curve and begin to use it.
> >
> > There are many good tutorials and manuals out there, not the least
> > of which are Fedora's own SELinux manual and the NSA's report.
> > However none of them explain very well what is happening in the
> > kernel. At least not as well as they could if I could see the code
> > with my own eyes.
>
> Hopefully the code from above helps enlighten you. ;)
The meat is in the policies as you have pointed out below.
Unfortunately for me, I can get myself stuck with "Yea, but how does it
do that?". Once I can answer that question, even if only superficially,
I can comfortably move on to more significant issues.
>
> Also useful might be the selinux-policy packages. That's where the
> actual rules and policies are kept. The fedora-selinux-list might be
> able to provide more insight (surely more than I can :).
--
Regards Bill
Fedora 11, Gnome 2.26.3
Evo.2.26.3, Emacs 22.3.1
More information about the fedora-list
mailing list