The SELinux Documentation Project [Request for topics]

Thu Oct 1 02:13:42 UTC 2009

Starting a SELinux documentation project is a fantastic idea, and is truly
much needed!

I am two months new to SELinux, and have literally put together an 8 inch
binder of documentation from what I would estimate to be 50-70 different
sources.

Areas of deficiencies that I think could use more documentation include:

1) Current description of all objects and classes supported by SELinux

2) Simple 'getting started' policy module examples to help explain things
such as creating new types/domains and working with domain transitions,
explanation of how testing through a SSH shell can give you different
results than from testing at the console, and networking examples:
restricting access to sockets, denying access to specific network
interfaces, details explaining why one would use macros in policy, simple
MLS getting started examples.

3) Explanation of how SELinux can be different between various Linux distros
(such as how enabling the SELinux strict policy causes RHEL 5.3 not to boot,
how MLS does not support X in Fedora and other distros, why Fedora is the
latest development version, and how there seem to be a lot of older tools
for SELinux that have been superseded by utilities such as semanage.

4) Tutorials showing how to use SLIDE

5) Explanation of when users and roles are used and not used (for example,
how their use can be different between files and processes).

6) Examples of how to test the robustness of SELinux configurations. (for
example, try to access files and processes as root to see permission denied
errors)

On Mon, Sep 28, 2009 at 1:48 PM, Joshua Brindle <method at manicmethod.com>wrote:

> As we discussed at Linux Plumbers Conference during the 'Making SELinux
> Easier to Use" talk we have some document deficiencies in the SELinux
> project.
>
> I volunteered to start an SELinux Documentation Project. The primary
> purpose of the project would be to get as much documentation as possible on
> the selinuxproject.org wiki, organized in a fashion that users can
> understand and consume easily.
>
> As I admitted before, we, the developers, are not always the best people to
> judge what documentation users need and therefore am requesting users,
> hopefully from different backgrounds and environments, tell us what
> documentation they feel is lacking, what questions they've been asked or
> have asked themselves and couldn't find documentation for.
>
> I think we need basic documentation that tells about SELinux (both beginner
> and advanced), howto's for specific things (using secmark, using netlabel,
> etc) and a set of short 'recipes' to accomplish simple tasks.
>
> There are documents all over the place with various information, as well as
> blog entries and mailing list archives but the effort here is to consolidate
> all those resources onto selinuxproject.org.
>
> I'd also like to see volunteers in the community to help out with the
> documentation effort, I know quite a few people already write things like
> this on blogs, etc and it would be great to see that information
> moved/copied onto selinuxproject.org.
>
>
> Users:
>
> Please, if you are a user and have run in to lack of documentation respond
> to this thread, or privately if you aren't comfortable talking on list so
> that we can collect what the biggest deficiencies are and get to writing
> documentation as soon as possible.
>
>
> Thanks.
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20090930/932d694e/attachment.htm>