SELinux Permission Documentation

[Ken]

Ken wrote:
> What can be sent and received as rawip to and from kernel_t, and what 
> are the limitations of what can be done with the data?  I am interested 
> in understanding the security implications of this (and other) SELinux 
> permissions.  Is there anyone who can direct me to reference materials 
> that explain the security implications of allowing various SELinux 
> permissions?
> 
Update:
It appears that allowing rawip did not fix the problem, but that it was 
only a coincidence that the site worked for me after making the change; 
so understanding this permission is now less important to me.


I am assuming that since no one answered any of my emails regarding 
permission documentation that there is none.  With this this in mind, I 
have a suggestion for those who have a good understanding of SELinux: 
Please create documentation that will allow an individual to research 
and understand the security implications of various permissions without 
the need for taking the time to gain an extensive knowledge of the LSM 
and SELinux.  This would be very helpful to me (and I am sure to many 
other people as well) since I only want to learn what I need to in order 
to secure my system, and having a source of information would eliminate 
the need to know enough to extract the information myself.

- Ken -