please guide me a way to study selinux in Kernel

please guide me a way to study selinux in Kernel

[Nerazzurri.YANG]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset=gb18030; format=flowed, Size: 702 bytes --]


hi all,


i am studying SELinux, mainly about kernel part.

but i can not find more informations about that, except
the docs in NSA website.

most of docs and websites are about user space and policy,
which is not i want now.

please guide me a way to find more informations about selinux
in linux kernel, especially in implementations

by the way, where can i get the book

<<SELinux by Example: Using Security Enhanced Linux>>

  wrote by Tresys, i am in china.


thanks very much

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: please guide me a way to study selinux in Kernel

[James Morris]

On Wed, 20 Dec 2006, Nerazzurri.YANG wrote:

> but i can not find more informations about that, except
> the docs in NSA website.

Here are some slides I made for a talk last year at Foss.in:
http://people.redhat.com/jmorris/slides/fossin2005_selinux_kernel.pdf

SELinux uses LSM, so also see:
http://www.usenix.org/event/sec02/wright.html



-- 
James Morris
<jmorris@namei.org>

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: please guide me a way to study selinux in Kernel

[Stephen Smalley]

On Wed, 2006-12-20 at 15:00 +0800, Nerazzurri.YANG wrote:
> hi all,
> 
> 
> i am studying SELinux, mainly about kernel part.
> 
> but i can not find more informations about that, except
> the docs in NSA website.
> 
> most of docs and websites are about user space and policy,
> which is not i want now.
> 
> please guide me a way to find more informations about selinux
> in linux kernel, especially in implementations

Have you looked at the
"Implementing SELinux as a Linux Security Module" technical report?
Available from
http://www.nsa.gov/selinux/papers/module-abs.cfm
Not entirely up to date, but still a good resource on the implementation.

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: please guide me a way to study selinux in Kernel

[Nerazzurri.YANG]

 >Here are some slides I made for a talk last year at Foss.in:
 >http://people.redhat.com/jmorris/slides/fossin2005_selinux_kernel.pdf

 >SELinux uses LSM, so also see:
 >http://www.usenix.org/event/sec02/wright.html

 >Have you looked at the
 >"Implementing SELinux as a Linux Security Module" technical report?
 >Available from
 >http://www.nsa.gov/selinux/papers/module-abs.cfm
 >Not entirely up to date, but still a good resource on the >implementation.


Morris, Smalley, thanks very much

i have read all these papers, but i still have not understood well

and furthermore, the informations of LSM is not necessary too.

it seems that i have to study from kernel source code.

the source code is best study material :-)

by the way, why i have not received the mail i sent to the 
list(selinux@tycho.nsa.gov), but others can see my mail sent to the
list. Is there something i misunderstand?

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: please guide me a way to study selinux in Kernel

[Nerazzurri.YANG]

Stephen Smalley wrote:
> On Fri, 2006-12-22 at 10:08 +0800, Nerazzurri.YANG wrote:
>> i have not received any mails i have sent to the list from i subscribe to
>> the list :-))
> 
> Strange.  But are you seeing other people's emails posted to the list
> (not just ones sent directly to you, like the replies to your message,
> but other messages posted to the list by other people, like the recent
> ones from Karl MacMillan)?


i think i have received the mail, do you mean this mail:

[PATCH] correct return value handling in libsemanage

The function semanage_direct_commit in libsemanage:direct_api.c does not 
correctly propagate error codes. This patch fixes that.

Signed-off-by: Karl MacMillan <kmacmillan@mentalrootkit.com>


diff -r 1ecfd5befe3f src/direct_api.c
--- a/src/direct_api.c    Thu Dec 21 17:09:45 2006 -0500
+++ b/src/direct_api.c    Thu Dec 21 17:47:06 2006 -0500
@@ -603,7 +603,8 @@ static int semanage_direct_commit(semana

.............



from Karl MacMillan.

can you reply this message direct to the list, not to me.

if i can receive the reply, that may mean the mailing list
work well.


futhermore, i will reply your mail to the list (in CC), if
you will have received two same mails, it seems that my
mail client has something wrong.


> 
>> i have checked, there are not any mail in junk and spam.
>>
>> is it possbile that my setting in thunderbird is wrong?
>>
>> everything is right, when i subscribe to other mailing list
>> such as rpm, anaconda.....
> 
> I don't see anything on our end that would explain it (no bounces to
> owner-selinux for your address, and your address is listed in the list
> members).  And if you can receive mail directly from me like this, then
> there shouldn't be any real difference - they are both going through the
> same mail servers.
> 

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.