Bug 403261 - Need SELinux guide for RHEL5
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: Documentation-Security
Version: 5.1
Hardware: All
OS: Linux
Priority: low
Severity: low
Assigned To: Scott Radvan
Blocks: 237606
Reported: 2007-11-28 13:44 EST by Aleksander Adamowski
Modified: 2015-04-06 23:19 EDT
Doc Type: Bug Fix
Last Closed: 2010-04-15 18:49:27 EDT
Description Aleksander Adamowski 2007-11-28 13:44:15 EST
There's an excellent guide to SELinux on RHEL4 available from Red Hat:
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/

I've implemented SELinux on chosen servers in a large RHEL-based infrastructure
of a customer.

However, I fear that migration to RHEL5 with its binary module, MLS policy and
changes in tools will be difficult, since Red Hat hasn't published an updated
guide for RHEL 5.

I think that this guide is essential to SELinux adoption on RHEL.
Comment 1 Aleksander Adamowski 2007-11-28 13:47:42 EST
BTW, see also this opinion on TechTarget by Ken Milberg:

http://searchenterpriselinux.techtarget.com/tip/0,289483,sid39_gci1279160,00.html

choice quote:

"Red Hat should publish more detailed documentation on SELinux and RHEL5: until
that happens, I fear that administrators will continue to shun SELinux."
Comment 2 David O'Brien 2008-01-14 20:58:23 EST
No longer involved in RHEL Deployment Guide
Comment 3 Don Domingo 2008-01-31 22:38:33 EST
queueing to majorworkqueue
Comment 4 Murray McAllister 2008-09-07 22:55:48 EDT
Hi,

I am working on an SELinux user guide for Fedora 10, which will eventually be forked for Red Hat Enterprise Linux:

<http://fedoraproject.org/wiki/Docs/Drafts/SELinux_User_Guide>

Don't hesitate to let me know if there is anything in particular that you would like covered.

Cheers.
Comment 5 Aleksander Adamowski 2008-09-26 11:12:39 EDT
There should be detailed procedures and best practices on customising the policy (by building custom modules).

I've noticed that there are many more ready-made macros for various permissions; the documentation should contain a general explanation of how they are designed (the naming conventions, the spirit that lies in their design and interrelations) and a detailed catalogue of all of them.

Changes in relation to SELinux policy between RHEL4 and RHEL5 should be described in detail and guidelines for migration of custom policy changes for RHEL4 to RHEL5 modular policy should be presented.

If there are changes in important macros (like object permission sets), they should always be mentioned in release notes.

All that should of course be on top of the stuff that was in the previous RHEL4 SELinux guide.
Comment 6 Murray McAllister 2008-09-30 02:50:28 EDT
Thanks for the suggestions. The first release of the user guide is aimed at user-oriented tasks, not policy writing.

At the moment, "SELinux by Example"[1] is the best book available for SELinux, and covers some of the items you want.

[1] <http://www.amazon.com/SELinux-Example-Security-Prentice-Development/dp/0131963694/sr=8-1/qid=1162103525/ref=pd_bbs_sr_1/102-6653524-9000938?ie=UTF8&s=books>
Comment 7 Murray McAllister 2008-11-26 02:03:23 EST
You might be interested in:

<http://docs.fedoraproject.org/selinux-user-guide/f10/en-US/>

It has to be "forked" for Red Hat Enterprise Linux eventually.

Cheers.
Comment 9 Scott Radvan 2010-04-15 18:49:27 EDT
The next SELinux User guide will be for Red Hat Enterprise Linux 6 and is brought over from Fedora.  Closing this as WONTFIX.  Any assistance you can offer with Fedora Docs to help improve quality and availability of the documentation is welcomed.
