== Pointers to some SELinux explanations SELinux is one of those things that have been cropping up on my radar ever since I had to start telling the Red Hat installer not to turn it on. (I kept not enabling it because changing an entire security architecture of a system is not to be done lightly, even when it's a new system I'm setting up.) SELinux is an imposing system with equally imposing documentation. Fortunately, recently Dan Walsh of Red Hat has been posting some very useful (to me) 'SELinux for beginners' documentation: # [[a basic introduction http://danwalsh.livejournal.com/1538.html]] # [[How does SELinux enforce policy? http://danwalsh.livejournal.com/2018.html]] # [[Applications that work with SELinux http://danwalsh.livejournal.com/2317.html]] # [[File contexts and mv/cp/install http://danwalsh.livejournal.com/2639.html]] # [[How logging in and so on work http://danwalsh.livejournal.com/2983.html]] # [[The _/etc/selinux/config_ file and how to change what SELinux level your system uses http://danwalsh.livejournal.com/3144.html]] # [[config files in general http://danwalsh.livejournal.com/3687.html]] # [[Managing file contexts http://danwalsh.livejournal.com/4208.html]] # [[the restorcond daemon http://danwalsh.livejournal.com/4368.html]] # [[SELinux manpages and AVC messages http://danwalsh.livejournal.com/4780.html]] # [[Booleans http://danwalsh.livejournal.com/5001.html]] # [[Role Based Access Controls (RBAC) http://danwalsh.livejournal.com/5256.html]] # [[Using RBAC in a MLS policy http://danwalsh.livejournal.com/5397.html]] # [[more on Module handling http://danwalsh.livejournal.com/5798.html]] # [[SELinux reveals bugs in other code http://danwalsh.livejournal.com/6117.html]] # [[Loadable Modules - File Context http://danwalsh.livejournal.com/6356.html]] There's also a Fedora Core 5 [[SELinux FAQ http://fedora.redhat.com/docs/selinux-faq-fc5/]], with links to other FAQs. However, from reading through it I think Dan Walsh's stuff is easier to follow. (This entry is a bit belated, because [[Dan Walsh http://danwalsh.livejournal.com/]] didn't so much wrap up his series of entries as stop writing them, which I can't exactly blame him for, and I was sitting on it until the series was 'complete'.)