From: "Sven Vermeulen" <sven.vermeulen@siphos.be>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/hardened-docs:master commit in: xml/selinux/
Date: Sun, 18 Sep 2011 13:49:35 +0000 (UTC)
Message-ID: <e192a4decc6aaf25d42789816fa2d716f1d328c0.SwifT@gentoo>
commit: e192a4decc6aaf25d42789816fa2d716f1d328c0
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sun Sep 18 13:48:08 2011 +0000
Commit: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
CommitDate: Sun Sep 18 13:48:08 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=e192a4de
Start larger update effort on SELinux documentation
---
xml/selinux/selinux-handbook.xml | 104 ++++++++++++++++++++++----------------
1 files changed, 60 insertions(+), 44 deletions(-)
diff --git a/xml/selinux/selinux-handbook.xml b/xml/selinux/selinux-handbook.xml
index 53e4cf1..893e120 100644
--- a/xml/selinux/selinux-handbook.xml
+++ b/xml/selinux/selinux-handbook.xml
@@ -24,8 +24,8 @@ This is the Gentoo SELinux Handbook.
<!-- See http://creativecommons.org/licenses/by-sa/1.0 -->
<license/>
-<version>3.00</version>
-<date>2010-12-01</date>
+<version>4</version>
+<date>2011-09-18</date>
<part>
<title>Introduction to Gentoo/Hardened SELinux</title>
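Review bot: The new <version> value on the added line switches format, from the two-decimal "3.00" to a bare "4", and the commit message does not say the numbering scheme is changing. If the other handbooks in this tree still use the x.yy form, either keep that form here or mention the change in the commit message so that later bumps stay consistent.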
@@ -57,6 +57,17 @@ how SELinux policies work and how to troubleshoot if things go wrong.
</chapter>
<chapter>
+<title>SELinux Resources</title>
+<abstract>
+To get more acquainted with SELinux, many resources exist on the Internet.
+In this chapter we give a quick overview of the various resources as well
+as places where you can get more help when you are fighting with SELinux.
+</abstract>
+ <include href="hb-intro-resources.xml"/>
+</chapter>
+
+<!--
+<chapter>
<title>The SELinux (Reference) Policy</title>
<abstract>
To streamline SELinux policy development, a reference policy is being developed
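Review bot: The bare "<!--" added just before the "The SELinux (Reference) Policy" chapter disables that chapter without any text inside the comment saying why, and the matching "-->" is not visible in this hunk. Put a one-line reason directly after the opener so a later editor does not have to hunt for where the disabled block ends or guess whether it is meant to come back. Separately, the new Resources chapter includes hb-intro-resources.xml, but the diffstat lists only selinux-handbook.xml as changed; confirm that file is already in the tree, otherwise the include will not resolve.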
@@ -68,10 +79,6 @@ cover the basics on SELinux policies in general.
<include href="hb-intro-referencepolicy.xml"/>
</chapter>
-<!--
- Removed for the time being, not critical.
- Moved to next major version of handbook.
-
<chapter>
<title>SELinux Virtual Machine Support</title>
<abstract>
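Review bot: The removed lines here drop the only explanation for the disabled block ("Removed for the time being, not critical. Moved to next major version of handbook."), while the Virtual Machine Support chapter stays inside the comment that now opens earlier. Removing the inner "<!--" is correct, since XML comments cannot nest, but the explanation should move up to the new opener rather than be deleted, and it should say whether it now applies to the Reference Policy chapter as well.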
@@ -105,79 +112,88 @@ you through this process.
</chapter>
<chapter>
+<title>Configuring SELinux For Your Needs</title>
+<abstract>
+With SELinux now "installed" and enabled (although in permissive mode), we now
+configure it to suit your particular needs. After all, SELinux is a Mandatory
+Access Control system where you, as security administrator, define what is
+allowed and what not.
+</abstract>
+ <include href="hb-using-configuring.xml"/>
+</chapter>
+
+<chapter>
<title>SELinux Commands</title>
<abstract>
-Before we start with SELinux, we first take a step back and get to know a few
-commands. As we are currently running a SELinux enabled system (but in
-permissive mode) we can now get acquainted with the various SELinux-specific
-commands.
+Let's take a step back and get to know a few more commands. We covered most of
+them in the previous section, but we will now dive a bit deeper in its
+syntax, features and potential pitfalls.
</abstract>
<include href="hb-using-commands.xml"/>
</chapter>
<chapter>
-<title>Running in Permissive Mode</title>
+<title>Permissive, Unconfined, Disabled or What Not...</title>
<abstract>
-Once SELinux is active, we first start by running the system in permissive mode.
-In this chapter, we tell you how to get acquainted with SELinux more in-depth
-with live command information, but without interfering with the standard access
-controls (i.e. in permissive mode).
+Your system can be in many SELinux states. In this chapter, we help you switch
+between the various states / policies.
</abstract>
- <include href="hb-using-permissive.xml"/>
+ <include href="hb-using-states.xml"/>
</chapter>
<chapter>
-<title>Switching to Enforcing Mode</title>
+<title>Modifying the Gentoo Hardened SELinux Policy</title>
<abstract>
-Once you believe that the system can be ran in enforcing mode, we switch the
-system to verify if this is true. Once verified, the next step is to (re)boot in
-enforcing mode. Finally, if we are confident that the enforcing is working
-properly and that the system is still doing its job correctly, we fix the
-enforcing mode so that it cannot be disabled anymore.
+Gentoo Hardened offers a default policy, but this might not allow what you want
+(or allows too much). In this chapter we tell you how you can tweak Gentoo's
+policy, or even run your own.
</abstract>
- <include href="hb-using-enforcing.xml"/>
+ <include href="hb-using-policies.xml"/>
</chapter>
<chapter>
-<title>Adding SELinux Policy Modules</title>
+<title>Troubleshooting SELinux</title>
<abstract>
-Far from all packages where SELinux policy modules are available for have a
-corresponding package in Gentoo/Hardened. In this chapter, we help you to add
-more modules yourself or create your own modules for those packages that have no
-SELinux policies yet.
+Everything made by a human can and will fail. In this chapter we will try to
+keep track of all potential issues you might come across and how to resolve
+them.
</abstract>
- <include href="hb-using-policymodules.xml"/>
+ <include href="hb-using-troubleshoot.xml"/>
</chapter>
</part>
+<!--
<part>
-<title>Appendices</title>
+<title>Advanced SELinux</title>
<abstract>
-Additional resources and referenced materials within this book are mentioned in
-this appendix.
+SELinux can be much more integrated in the system. In this part, we describe how
+to enhance SELinux configurations, tuning and securing your system even more.
</abstract>
<chapter>
-<title>Troubleshooting SELinux</title>
+<title>Working with MLS</title>
<abstract>
-Everything made by a human can and will fail. In this chapter we will try to
-keep track of all potential issues you might come across and how to resolve
-them.
+...
</abstract>
- <include href="hb-appendix-troubleshoot.xml"/>
+ <include href="hb-advanced-mls.xml"/>
</chapter>
<chapter>
-<title>SELinux Reference Material</title>
+<title>Using s(ecure) Virt(ualization)</title>
<abstract>
-This Gentoo Hardened SELinux handbook gives a first introduction to SELinux and
-how it is integrated in Gentoo Hardened. But more seasoned administrators will
-most definitely want to read up on the more advanced uses (and managerial
-challenges) of SELinux - which we definitely recommend. A non-exhaustive list is
-compiled in this chapter.
+...
</abstract>
- <include href="hb-appendix-reference.xml" />
+ <include href="hb-advanced-svirt.xml"/>
+</chapter>
+
+<chapter>
+<title>Using Netlabel</title>
+<abstract>
+...
+</abstract>
+ <include href="hb-advanced-netlabel.xml"/>
</chapter>
</part>
+-->
</book>
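Review bot: The four active includes added in this hunk (hb-using-configuring.xml, hb-using-states.xml, hb-using-policies.xml, hb-using-troubleshoot.xml) point at files that are not part of this commit according to the diffstat ("1 files changed"), while the old targets (hb-using-permissive.xml, hb-using-enforcing.xml, hb-using-policymodules.xml, hb-appendix-troubleshoot.xml, hb-appendix-reference.xml) are no longer referenced. Either add or rename the files in the same commit, or confirm they already exist, so the handbook still builds at this revision. On content: the chapter that replaces "Switching to Enforcing Mode" is titled "Permissive, Unconfined, Disabled or What Not..." and neither its title nor its abstract names enforcing mode, although the removed abstract covered verifying enforcing mode and fixing it so that it cannot be disabled. State in the new abstract that enforcing mode is covered there, since that is the state the preceding chapters are leading up to. Minor wording in the SELinux Commands abstract: "dive a bit deeper in its syntax" should read "into their syntax", as it refers to the commands.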