The SELinux Documentation Project

Dominick Grift domg472 at gmail.com
Mon Dec 14 18:12:08 UTC 2009 

On Mon, Dec 14, 2009 at 11:49:15AM -0600, Serge E. Hallyn wrote:
> Quoting Joshua Brindle (method at manicmethod.com):
> > Dominick Grift wrote:
> > >On 11/27/2009 09:31 PM, Joshua Brindle wrote:
> > >>Joshua Brindle wrote:
> > >>>As we discussed at Linux Plumbers Conference during the 'Making SELinux
> > >>>Easier to Use" talk we have some document deficiencies in the SELinux
> > >>>project.
> > >>>
> > >><snip>
> > >>
> > >>We have gotten some good contributions to the documentation project over
> > >>the last couple months but there is always more to do. I've updated the
> > >>Documentation TODO at:
> > >>
> > >><http://selinuxproject.org/page/Documentation_TODO>
> > >>
> > >>with some docs we'd like written and some guidance on what the format
> > >>should be. Use cases would be particularly appreciated.
> > >>
> > >>If you haven't gone to the documentation wiki lately take a look at
> > >>
> > >><http://selinuxproject.org/page/Main_Page>
> > >>
> > >>and see what's been added.
> > >>
> > >>Thanks for the help of the contributors and hopefully this effort will
> > >>go a long way toward gaining users and keeping SELinux enabled.
> > >>
> > >>--
> > >>fedora-selinux-list mailing list
> > >>fedora-selinux-list at redhat.com
> > >>https://www.redhat.com/mailman/listinfo/fedora-selinux-list
> > >
> > >Attached is a concept i wrote today about Locking down webapps with CGI.
> > >This was a topic in the todo list.
> > >
> > >Would be nice if someone could proof-read this and when
> > >modified/accepted publish it.
> > 
> > It's a wiki :) Just put it up there and others can make
> 
> How are we to create an account to edit a page?  The 'Log in/Create
> Account' page doesn't seem to let me create an account?
> 
> I'd like to add the recipe
> 
>         useradd xa
> 	semanage user -a -R user_r xa
> 	semanage login -a -s xa xa

You would probably also need:

cd /etc/selinux/targeted/contexts/users; cp user_u xa;

To make that work.

Easier would probably be: useradd -Z user_u xa

or

useradd xa
semanage login -m -s user_u -r s0-s0 xa

You should send an e-mail to james morris. He maintains the site and will add a login if you ask him.

> 
> to lock user xa into its own selinux context to the recipes page.
> If someone else is willing to post it, all the better.
> 
> > modifications. There are actually a couple people who are decent at
> > copy editing that have done some work on the wiki so if we get
> > technical content up there they can do what they do to clean it up.
> 
> thanks,
> -serge
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20091214/0f273c98/attachment.sig>

More information about the fedora-selinux-list mailing list