Need help for midterm project/presentation (FC5 & SELinux)

Stephen Smalley sds at tycho.nsa.gov
Mon Nov 6 13:50:03 UTC 2006


On Sun, 2006-11-05 at 12:33 -0700, Leffler, Sean wrote:
> So I volunteered (!?!?!)  to give a presentation on SELinux for my
> midterm project. 
> At the time I thought 'cool, how hard can this be.'  (ok, you can stop
> laughing now)
>  
> So now I'm a bit panicked. I picked up the O'Reilly book and the other
> one, SELinux by Example.
> The pickle I'm in is that the class is using FC5 and both books were
> written for earlier versions and it's befuddling me.

The O'Reilly book is old (written during FC2 development, IIRC), but the
SELinux by Example book is quite recent and included material on both
the older approach (example policy, monolithic) and the newer approach
incorporated into FC5 (reference policy, modular).  

> So I thought I would beg on this list for a few examples I could
> present to the class on how to do some basic policy stuff. 
> Like here is a new widget and this is how you modify permissions to
> make it work, yada yada. Nothing major just simple stuff like that. (I
> will touch on the targeted policy for the big daemons/services but I
> wanted to show how you might tackle a problem that was not part of the
> targeted list.)
>  
> I have been reading everything I can find on FC5/SELinux but I've just
> run out of time.  
> So any help would be appreciated, and FWIW, I really dig this
> stuff. :)

http://fedoraproject.org/wiki/SELinux/
http://fedora.redhat.com/docs/selinux-faq-fc5/

You want to install selinux-policy-devel and checkpolicy to build
loadable policy modules.  /usr/share/selinux/devel/policygentool is a
simple script for creating an initial stub for a policy module.
audit2allow is a tool for blindly generating policy from audit messages,
but you obviously want to exert care in using it.  If you like IDEs,
then you might try SLIDE,
http://oss.tresys.com/projects/slide


-- 
Stephen Smalley
National Security Agency



