From: Sven Vermeulen
Date: Thu, 6 Jan 2011 23:32:08 +0100
To: gentoo-hardened@lists.gentoo.org
Subject: [gentoo-hardened] SELinux documentation draft
Message-ID: <20110106223208.GA29456@siphos.be>

Hi everyone,

I've been working on bringing the SELinux handbook as currently available on
http://www.gentoo.org/proj/en/hardened/selinux/selinux-handbook.xml
more up2date. It's somewhat of a rewrite, but with all elements of the
original SELinux handbook still inside it (apart from the troubleshooting as
I guess those are quite outdated, being from 2006 and older).

The draft is currently available in the hardened-docs.git repository. In
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=tree;f=html/selinux;hb=HEAD
you should be able to select individual chapters (HTML format) in the "raw"
tree to view them somewhat like they would on the Gentoo site, but for your
convenience there's also a PDF available at
http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=tree;f=pdf;hb=HEAD

The new draft is structured in three parts:

Part A - Introduction to Gentoo/Hardened SELinux
  Chapter 1. Enhancing Linux Security
  Chapter 2. SELinux Concepts
  Chapter 3. The SELinux (Reference) Policy

Part B - Using Gentoo/Hardened SELinux
  Chapter 1. Gentoo SELinux Installation / Conversion
  Chapter 2. SELinux Commands
  Chapter 3. Running in Permissive Mode
  Chapter 4. Switching to Enforcing Mode
  Chapter 5. Adding SELinux Policy Modules

Part C - Appendices
  Chapter 1. Troubleshooting SELinux
  Chapter 2. SELinux Reference Material

If time permits, part A will have a fourth chapter on virtualization and
SELinux, but I gather that's more for the next update on the documentation.

The document is currently written with the ebuilds in the
hardened-development overlay in mind, so everyone interested in giving
Gentoo Hardened with SELinux a try can use the draft documentation with the
"hardened-development" overlay.

For the time being the document only supports the type enforcement features
of SELinux. MLS/MCS has not been touched yet.

Feedback is always welcome, including language mistakes, typos or just plain
lies.

Wkr,
  Sven Vermeulen