Documentation TODO

From SELinux Wiki

(Difference between revisions)

Revision as of 20:20, 27 November 2009

This is the TODO list for documentation. The format should generally be short, consumable recipes for doing particular things, eg., letting apache talk to a database.

When longer explanations are required (eg., locking down a machine) they should be broken in to small, reusable pages with each targeting a narrow part of the problem. Then a main page can be written that links all the documents together into something cohesive.

For those who have not used MediaWiki before you may need to read [1]

Below are some specific pieces of documentation we'd like written. Copy Editing/general cleanup is also appreciated.

Vendor documentation (Why a vendor might choose SELinux for a solution, what it provides and finally how to use it effectively)
Pull userspace object manager docs from online papers and make a concise howto
Advanced recipes
- Lock down users
- Using roles
- Making new roles not based on others
- Locking down webapps by using CGI's (or FastCGI), separating CGI's from each other, user CGI's from system CGI's, etc
What is UBAC?
How to upgrade a system from a previously SELinux-disabled system (e.g. how to ensure any restored data like /home is correctly labeled)
Explain how and when to use semanage fcontext, port, login and user.
Explain how to interpret an AVC message and how to get additional information via SYSCALL audit, including how to add a simple syscall audit filter to enable collection of PATH information.
Write a HOWTO for writing simple policy modules.
Write a HOWTO for how to iteratively generate policy using audit2allow and permissive domains.
A brief high-level user-oriented overview of SELinux which people can use to understand what SELinux does, how it's part of a defense in depth approach, the value it provides and what is involved in using it effectively (e.g. set expectations of benefit/cost).
Translate danwalsh.livejounal.com in to a beginner user guide
Document all major policy domains, apache, samba, bind, ftp ... Basically man httpd_selinux, What are the types/booleans available for a particular domain, and how do I assign them
Document the use of the mount command for overriding file context.
Describe Leaked File Descriptors
Document Network Labeling
Document Confined Users
Document HOWTO write setroubleshoot plugins
Explain least privilege and how you can consider it and SELinux during application development.
Document some common tasks performed with apol that might be useful to users.

Retrieved from "http://selinuxproject.org/page/Documentation_TODO"

+This is the TODO list for documentation. The format should generally be short, consumable recipes for doing particular things, eg., letting apache talk to a database.
+When longer explanations are required (eg., locking down a machine) they should be broken in to small, reusable pages with each targeting a narrow part of the problem. Then a main page can be written that links all the documents together into something cohesive.
+For those who have not used MediaWiki before you may need to read [http://www.mediawiki.org/wiki/Help:Formatting]
+Below are some specific pieces of documentation we'd like written. Copy Editing/general cleanup is also appreciated.
+* Vendor documentation (Why a vendor might choose SELinux for a solution, what it provides and finally how to use it effectively)
+* Pull userspace object manager docs from online papers and make a concise howto
+* Advanced recipes
+** Lock down users
+** Using roles
+** Making new roles not based on others
+** Locking down webapps by using CGI's (or FastCGI), separating CGI's from each other, user CGI's from system CGI's, etc
+* What is UBAC?
 * How to upgrade a system from a previously SELinux-disabled system (e.g. how to ensure any restored data like /home is correctly labeled)
-* Update and organize the Fedora SELinux FAQ.
 * Explain how and when to use semanage fcontext, port, login and user.
 * Explain how to interpret an AVC message and how to get additional information via SYSCALL audit, including how to add a simple syscall audit filter to enable collection of PATH information.
 * Write a HOWTO for how to iteratively generate policy using audit2allow and permissive domains.
 * A brief high-level user-oriented overview of SELinux which people can use to understand what SELinux does, how it's part of a defense in depth approach, the value it provides and what is involved in using it effectively (e.g. set expectations of benefit/cost).
-* Update FC5 FAQ
 * Translate danwalsh.livejounal.com in to a beginner user guide
 * Document all major policy domains, apache, samba, bind, ftp ...  Basically man httpd_selinux,  What are the types/booleans available for a particular domain, and how do I assign them
 * Document the use of the mount command for overriding file context.
 * Describe Leaked File Descriptors
-* Describe Audit2allow and how it can just Fix the machine
 * Document Network Labeling
 * Document Confined Users

Documentation TODO

From SELinux Wiki

Revision as of 20:20, 27 November 2009

Views

Personal tools

Navigation

Search

Toolbox