* beginner to SE Linux policy
@ 2007-07-27 19:04 Mark
2007-07-28 3:06 ` Brian M. Williams
[not found] ` <7b740b700707280714u72d59b83j3f6c3065d15e2b79@mail.gmail.com>
0 siblings, 2 replies; 6+ messages in thread
From: Mark @ 2007-07-27 19:04 UTC (permalink / raw)
To: selinux
[-- Attachment #1: Type: text/plain, Size: 381 bytes --]
I have seen programs that will help me to edit and analyze SE Linux
policies. What I am interested in is a resource that will help me
understand what a policy does and how to write them. At least for me,
learning at the code level and not using GUI tools helps me to understand
things better.
So what resources are out there for me to start looking at?
Thanks in advance.
Mark
[-- Attachment #2: Type: text/html, Size: 430 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread* RE: beginner to SE Linux policy 2007-07-27 19:04 beginner to SE Linux policy Mark @ 2007-07-28 3:06 ` Brian M. Williams [not found] ` <7b740b700707280714u72d59b83j3f6c3065d15e2b79@mail.gmail.com> 1 sibling, 0 replies; 6+ messages in thread From: Brian M. Williams @ 2007-07-28 3:06 UTC (permalink / raw) To: Mark, selinux Mark, As for understanding how policy works and how to write it, there is a book: SELinux by Example which goes into detailed explanation [http://www.amazon.com/SELinux-Example-Security-Enhanced-Development/dp/0131963694]. There are also slides at [http://tresys.com/selinux/selinux-course-outline.html] which come from a course which Tresys offers on SELinux policy of which the book was based. There are also some documents on the NSA site which may or may not be up to date [http://www.nsa.gov/selinux/info/docs.cfm]. Brian ________________________________________ From: owner-selinux@tycho.nsa.gov [mailto:owner-selinux@tycho.nsa.gov] On Behalf Of Mark Sent: Friday, July 27, 2007 3:04 PM To: selinux@tycho.nsa.gov Subject: beginner to SE Linux policy I have seen programs that will help me to edit and analyze SE Linux policies. What I am interested in is a resource that will help me understand what a policy does and how to write them. At least for me, learning at the code level and not using GUI tools helps me to understand things better. So what resources are out there for me to start looking at? Thanks in advance. Mark -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. ^ permalink raw reply [flat|nested] 6+ messages in thread
[parent not found: <7b740b700707280714u72d59b83j3f6c3065d15e2b79@mail.gmail.com>]
* Re: beginner to SE Linux policy [not found] ` <7b740b700707280714u72d59b83j3f6c3065d15e2b79@mail.gmail.com> @ 2007-08-07 17:56 ` Mark 2007-08-07 19:19 ` Stephen Smalley 2007-08-11 11:23 ` Daniel J Walsh 0 siblings, 2 replies; 6+ messages in thread From: Mark @ 2007-08-07 17:56 UTC (permalink / raw) To: shahbaz khan, selinux, fedora-selinux-list [-- Attachment #1: Type: text/plain, Size: 1922 bytes --] Thanks for the help. I just want to become more familiar with SE Linux and understand the context of the te, fe, if..etc files and how I can modify them so that my programs are more secure. There just seems to be alot of information that may or may not be related in order to help me. For instance, there is the seedit tools, SLIDE and RedHat tools available. Also, which is a better distribution to learn SE Linux, CentOS or Fedora Core? I am an application developer who really just needs to learn how to write policies for the programs I am developing. Things like policies, domains and domain transition are important areas I really want to learn. Thanks for the help. PS. I ordered the SE Linux by Example yesterday! -- ..Cheers Mark On 7/28/07, shahbaz khan <shazalive@gmail.com> wrote: > > Mark > > Selinux by example is the best answer to ur stated problem. NSA documents > will give u a good background because things have been changing alot. Do not > miss tresys' reference policy and policy managemnt server. U can get more > info about it from tresys' website. Once u start to get aquainted with > selinux this mailing list will be more useful to u. Also join fedora selinux > mailing list. > > I am not sure which policy analysis tool will be more useful to u. Why > dont u right a more specific question to this list w.r.t. policy analysis > tools. U might get good answers from selinux by example. > > Shaz. > > > > > On 7/28/07, Mark <elihusmails@gmail.com> wrote: > > > > I have seen programs that will help me to edit and analyze SE Linux > > policies. What I am interested in is a resource that will help me > > understand what a policy does and how to write them. At least for me, > > learning at the code level and not using GUI tools helps me to understand > > things better. > > > > So what resources are out there for me to start looking at? > > > > Thanks in advance. > > Mark > > > > [-- Attachment #2: Type: text/html, Size: 2771 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: beginner to SE Linux policy 2007-08-07 17:56 ` Mark @ 2007-08-07 19:19 ` Stephen Smalley 2007-08-07 19:29 ` Mark 2007-08-11 11:23 ` Daniel J Walsh 1 sibling, 1 reply; 6+ messages in thread From: Stephen Smalley @ 2007-08-07 19:19 UTC (permalink / raw) To: Mark; +Cc: shahbaz khan, selinux, fedora-selinux-list On Tue, 2007-08-07 at 13:56 -0400, Mark wrote: > Thanks for the help. I just want to become more familiar with SE > Linux and understand the context of the te, fe, if..etc files and how > I can modify them so that my programs are more secure. There just > seems to be alot of information that may or may not be related in > order to help me. For instance, there is the seedit tools, SLIDE and > RedHat tools available. Also, which is a better distribution to learn > SE Linux, CentOS or Fedora Core? Fedora Core tracks the latest SELinux developments more closely. The reference policy documentation should help you, online at http://oss.tresys.com/projects/refpolicy/wiki/Documentation and if you have selinux-policy installed, locally available docs under /usr/share/doc/selinux-policy-x.y.z/. SLIDE is an eclipse plugin that leverages reference policy and provides the typical IDE-style auto-completion, interface lookup, wizards for constructing domains, etc. Useful if you are ok working in an IDE. SEEdit is more about hiding the underlying abstractions and presenting a very simple UI. Requires switching to its own policy entirely, away from the stock policy. > I am an application developer who really just needs to learn how to > write policies for the programs I am developing. Things like > policies, domains and domain transition are important areas I really > want to learn. There are a number of resources, e.g. see http://selinux.sourceforge.net/resources.php3 , but many of them predate the reference policy. Reference policy documentation and SLIDE are your best bets right now, along with the book. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: beginner to SE Linux policy 2007-08-07 19:19 ` Stephen Smalley @ 2007-08-07 19:29 ` Mark 0 siblings, 0 replies; 6+ messages in thread From: Mark @ 2007-08-07 19:29 UTC (permalink / raw) To: Stephen Smalley; +Cc: shahbaz khan, selinux, fedora-selinux-list [-- Attachment #1: Type: text/plain, Size: 1949 bytes --] Thank you for the information. I will continue working with the reference policy and reading the information you provided. -- ..Cheers Mark On 8/7/07, Stephen Smalley <sds@tycho.nsa.gov> wrote: > > On Tue, 2007-08-07 at 13:56 -0400, Mark wrote: > > Thanks for the help. I just want to become more familiar with SE > > Linux and understand the context of the te, fe, if..etc files and how > > I can modify them so that my programs are more secure. There just > > seems to be alot of information that may or may not be related in > > order to help me. For instance, there is the seedit tools, SLIDE and > > RedHat tools available. Also, which is a better distribution to learn > > SE Linux, CentOS or Fedora Core? > > Fedora Core tracks the latest SELinux developments more closely. > > The reference policy documentation should help you, online at > http://oss.tresys.com/projects/refpolicy/wiki/Documentation and if you > have selinux-policy installed, locally available docs > under /usr/share/doc/selinux-policy-x.y.z/. > > SLIDE is an eclipse plugin that leverages reference policy and provides > the typical IDE-style auto-completion, interface lookup, wizards for > constructing domains, etc. Useful if you are ok working in an IDE. > > SEEdit is more about hiding the underlying abstractions and presenting a > very simple UI. Requires switching to its own policy entirely, away > from the stock policy. > > > I am an application developer who really just needs to learn how to > > write policies for the programs I am developing. Things like > > policies, domains and domain transition are important areas I really > > want to learn. > > There are a number of resources, e.g. see > http://selinux.sourceforge.net/resources.php3 , but many of them predate > the reference policy. Reference policy documentation and SLIDE are your > best bets right now, along with the book. > > -- > Stephen Smalley > National Security Agency > > [-- Attachment #2: Type: text/html, Size: 2553 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: beginner to SE Linux policy 2007-08-07 17:56 ` Mark 2007-08-07 19:19 ` Stephen Smalley @ 2007-08-11 11:23 ` Daniel J Walsh 1 sibling, 0 replies; 6+ messages in thread From: Daniel J Walsh @ 2007-08-11 11:23 UTC (permalink / raw) To: Mark; +Cc: shahbaz khan, selinux, fedora-selinux-list Mark wrote: > Thanks for the help. I just want to become more familiar with SE > Linux and understand the context of the te, fe, if..etc files and how > I can modify them so that my programs are more secure. There just > seems to be alot of information that may or may not be related in > order to help me. For instance, there is the seedit tools, SLIDE and > RedHat tools available. Also, which is a better distribution to learn > SE Linux, CentOS or Fedora Core? > > I am an application developer who really just needs to learn how to > write policies for the programs I am developing. Things like > policies, domains and domain transition are important areas I really > want to learn. > > Thanks for the help. > > PS. I ordered the SE Linux by Example yesterday! > -- > ..Cheers > Mark You might want to try system-config-selinux/polgengui to build you a policy template. > > On 7/28/07, *shahbaz khan* <shazalive@gmail.com > <mailto:shazalive@gmail.com>> wrote: > > Mark > > Selinux by example is the best answer to ur stated problem. NSA > documents will give u a good background because things have been > changing alot. Do not miss tresys' reference policy and policy > managemnt server. U can get more info about it from tresys' > website. Once u start to get aquainted with selinux this mailing > list will be more useful to u. Also join fedora selinux mailing list. > > I am not sure which policy analysis tool will be more useful to u. > Why dont u right a more specific question to this list w.r.t. > policy analysis tools. U might get good answers from selinux by > example. > > Shaz. > > > > > On 7/28/07, *Mark* <elihusmails@gmail.com > <mailto:elihusmails@gmail.com>> wrote: > > I have seen programs that will help me to edit and analyze SE > Linux policies. What I am interested in is a resource that > will help me understand what a policy does and how to write > them. At least for me, learning at the code level and not > using GUI tools helps me to understand things better. > > So what resources are out there for me to start looking at? > > Thanks in advance. > Mark > > > > ------------------------------------------------------------------------ > > -- > fedora-selinux-list mailing list > fedora-selinux-list@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-selinux-list -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2007-08-11 11:23 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-07-27 19:04 beginner to SE Linux policy Mark
2007-07-28 3:06 ` Brian M. Williams
[not found] ` <7b740b700707280714u72d59b83j3f6c3065d15e2b79@mail.gmail.com>
2007-08-07 17:56 ` Mark
2007-08-07 19:19 ` Stephen Smalley
2007-08-07 19:29 ` Mark
2007-08-11 11:23 ` Daniel J Walsh
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.