Description of problem: This document provides a review of the concept and implementation of traditional UNIX mode-based permissions and POSIX Access Control Lists to develop effective access control safeguards in a instance of Fedora. There is very limited documentation currently available on the internet for this topic. It is questionable whether or not to include the extended attributes(EA) implementation within this document or submit it as another subject.
I don't see why you couldn't include EAs. Maybe the title could reflect slightly more inclusive content, such as "File Access Control." You could address SELinux extensions by simply pointing readers to appropriate references such as the SELinux FAQ and, of course, any other guides with which you're familiar. Good luck!
Ok. I will rework the layout and include ea's. Given that a great multitude of access control schemas exist under the DAC system, I think it would be appropriate to alter the title to "Securing Filesystems". How does that tickle you? It is definitly more inclusive; yet correctly encompasses all the different types of filesystem objects. Good point. Definitly a pointer to SELinux content will be outside this projects scope -- but needs to be included. I've quickly reviewed the current selinux docs previously; but will need to research further the appropriate content location of this resource. I will attempt to get an initial draft structure completed by end of this weekend. What do you think?
Sounds like a good plan. BTW, I'm the author of the Fedora SELinux FAQ and the Red Hat SELinux Guide. I'll be happy to help you sort out what is useful for your purposes. If, when reading through them, you find anything worthy of a bugzilla, the template you can use is linked from my people.redhat.com page: http://fedora.redhat.com/docs/selinux-faq-fc3/ http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/ http://people.redhat.com/kwade/ (or use this for the bz template for the Guide: http://tinyurl.com/c2n4v) Thanks!
New ACLs draft is now available: https://fedoraproject.org/wiki/Docs/Drafts/AdministrationGuide/AccessControlLists It's been proof-read and mark XML ready. Likely to be released as part of AG at Fedora 9 release time. Should this be closed now?
As you say, it is in draft (rawhide) to make in the next version of the Administration Guide, so I'm closing this as "in rawhide".