Fedora 10 SELinux User Guide: HTML single and PDF

February 10, 2009

Karsten Wade helped me add HTML single and PDF versions of the Fedora 10 SELinux User Guide to docs.fedoraproject.org:


These were built with Publican, “a single source publishing tool based on DocBook XML”.


Security-Enhanced Linux: Managing Confined Services

January 21, 2009

My employer, Red Hat, is allowing me to work on another Security-Enhanced Linux (SELinux) guide for Fedora. The name is not decided yet, but will be something like “Security-Enhanced Linux: Managing Confined Services”.

The guide is aimed at system administrators. It is planned to cover a brief introduction to SELinux, confined and unconfined services, and how to perform system administration tasks without turning SELinux off. Services will include the Apache HTTP Server, Samba, FTP, BIND, and NFS… Some of the tasks include:

* sharing files via Samba, FTP, NFS, and HTTP.
* sharing files between multiple services (for example, files accessible to the Apache HTTP Server (httpd) and FTP (vsftpd)).
* managing DNS and BIND (for example, allowing named to accept zone updates).
* customizing the ports services listen on.
* using non-default directories to store files for services.

It is planned to go into detail about the types available for each service, as well as Booleans to cater for ways services can be run. Hopefully some of these items can find their way back into the man pages.

A brief (and in progress) information plan and content specification can be found at https://fedorahosted.org/managing-confined-services/, which covers items to include. Feel free to mail me (mmcallis redhat com) with any ideas or things you would like included.

Bed, Nintendo, and SELinux User Guide

October 7, 2008

After almost 9 months of sleeping on the floor, I am sleeping in a real bed again – it is awesome. I cannot believe how comfortable it is!

I was sick one weekend and bought a Nintendo DS. I played through my childhood memories (Zelda and Final Fantasy). Yay. I have been racing Ryan Lerch at Mario Kart.

SELinux User Guide is going okay. Lots to get done before Fedora 10. The following is the latest draft:

Also, I was lucky enough to meet Nigel “G” Jones while he was visiting Australia/Brisbane 🙂

SELinux User Guide

July 18, 2008


Apologies if this doubles up, because it is the same thing I sent to a few lists.

I have recently started a new project — an SELinux User Guide — with Daniel Walsh, Michael Smith, and a few other people from Red Hat.

There are a few SELinux books, but these are very technical. We want to create a guide that people with no previous SELinux experience can use, to allow them to do what they want without turning SELinux off.

I have started a rough information plan that includes the current schedule, information sources, and some ideas for the content that may be included. The information plan is located here. The main project page is located here.

Among other things, we are going to try to cover the following topics from the current SELinux project documentation todo list:

* “Explain how to interpret an AVC message and how to get additional information via SYSCALL audit, including how to add a simple syscall audit filter to enable collection of PATH information”.
* “Document Confined Users”.
* “Update FC5 FAQ”.
* “Document the use of the mount command for overriding file context”.
* “Describe Audit2allow and how it can just Fix the machine”.
* “Update and organize the Fedora SELinux FAQ”.

If anyone has any ideas about what they would like to see in the guide, or any corrections to the current topics we would like to include, please let us know. As well, user feedback and comments can be left on the Feedback page. A Fedora account is required to use the Wiki – if you do not have one, please do not hesitate to mail me directly at ‘mmcallis at redhat dot com’. Thanks for your help 🙂

Big thank you to the following people for putting up with all my MediaWiki questions today:

* ryanlerch
* stickster
* ianweller
* Nigel Jones (G)

And everyone else I have forgotten from #fedora-docs and #fedora-admin on Freenode.


Hello and thank you

July 15, 2008


A quick post to make sure my planet file works, and to test the hackgotchi runa just made.

I am starting a new project (more posts to follow), and would like to thank the following people for their help so far:
* ianweller
* ryanlerch
* mether
* G
* stickster
* quaid

and everyone in #fedora-docs and #fedora-admin on freenode.