
Re: selinux documentation [was: Should selinux be standard?]



Vincent Danjean wrote:
...
>   But if selinux is installed by default on all systems, then I really think
> that a basic documentation for Debian administrators (I mean people
> managing machines with the Debian distribution on it, not admin of
> official Debian machines) MUST be provided.

+1

...
> 
>   Best regards,
>     Vincent
> 

Oh, and talking about man pages, it looks like there's only documentation
about the commands and such but nothing else (like an intro) [1].

I know some basic stuff about SELinux, and I still consider shipping the
packages by disabled and by default *and* without any pointer to a nice
introduction is useless. I do agree that there are changes that need people
to be educated first, but one can not just provide the stuff by default
without any special reference to them and expect people to adopt and use
them.

Cheers,
Raphael Geissert

[1] $ apropos selinux
avc_add_callback (3) - additional event notification for SELinux userspace
object managers.
avc_audit (3)        - obtain and audit SELinux access decisions.
avc_av_stats (3)     - obtain userspace SELinux AVC statistics.
avc_cache_stats (3)  - obtain userspace SELinux AVC statistics.
avc_cleanup (3)      - userspace SELinux AVC setup and teardown.
avc_compute_create (3) - obtain SELinux label for new object.
avc_compute_member (3) - obtain SELinux label for new object.
avc_context_to_sid (3) - obtain and manipulate SELinux security ID's.
avc_destroy (3)      - userspace SELinux AVC setup and teardown.
avc_entry_ref_init (3) - obtain and audit SELinux access decisions.
avc_get_initial_context (3) - obtain and manipulate SELinux security ID's.
avc_has_perm (3)     - obtain and audit SELinux access decisions.
avc_has_perm_noaudit (3) - obtain and audit SELinux access decisions.
avc_init (3)         - userspace SELinux AVC setup and teardown.
avc_reset (3)        - userspace SELinux AVC setup and teardown.
avc_sid_stats (3)    - obtain userspace SELinux AVC statistics.
avc_sid_to_context (3) - obtain and manipulate SELinux security ID's.
checkPasswdAccess (3) - query the SELinux policy database in the kernel.
context_free (3)     - Routines to manipulate SELinux security contexts
context_new (3)      - Routines to manipulate SELinux security contexts
context_range_get (3) - Routines to manipulate SELinux security contexts
context_range_set (3) - Routines to manipulate SELinux security contexts
context_role_get (3) - Routines to manipulate SELinux security contexts
context_role_set (3) - Routines to manipulate SELinux security contexts
context_type_get (3) - Routines to manipulate SELinux security contexts
context_type_set (3) - Routines to manipulate SELinux security contexts
context_user_get (3) - Routines to manipulate SELinux security contexts
context_user_set (3) - Routines to manipulate SELinux security contexts
freecon (3)          - free memory associated with SELinux security
contexts.
freeconary (3)       - free memory associated with SELinux security
contexts.
fsetfilecon (3)      - set SELinux security context of a file
get_default_context (3) - determine SELinux context(s) for user sessions
get_default_context_with_level (3) - determine SELinux context(s) for user
sessions
get_default_context_with_role (3) - determine SELinux context(s) for user
sessions
get_default_context_with_rolelevel (3) - determine SELinux context(s) for
user sessions
get_ordered_context_list (3) - determine SELinux context(s) for user
sessions
get_ordered_context_list_with_level (3) - determine SELinux context(s) for
user sessions
getcon (3)           - get SELinux security context of a process.
getexeccon (3)       - get or set the SELinux security context used for
executing a new process.
getfilecon (3)       - get SELinux security context of a file
getfscreatecon (3)   - get or set the SELinux security context used for
creating a new file system object.
getpeercon (3)       - get SELinux security context of a process.
getpidcon (3)        - get SELinux security context of a process.
getprevcon (3)       - get SELinux security context of a process.
getseuserbyname (3)  - get SELinux username and level for a given Linux
username
is_context_customizable (3) - check whether SELinux context type is
customizable by the administrator.
is_selinux_enabled (3) - check whether SELinux is enabled
lsetfilecon (3)      - set SELinux security context of a file
manual_user_enter_context (3) - determine SELinux context(s) for user
sessions
matchmediacon (3)    - get the default SELinux security context for the
specified mediatype from the policy.
matchpathcon (3)     - get the default SELinux security context for the
specified path from the file contexts...
pam_selinux (8)      - PAM module to set the default security context
pam_sepermit (8)     - PAM module to allow/deny login depending on SELinux
enforcement state
query_user_context (3) - determine SELinux context(s) for user sessions
rpm_execcon (3)      - get or set the SELinux security context used for
executing a new process.
security_av_perm_to_string (3) - convert between SELinux class and
permission values and string names.
security_av_string (3) - convert between SELinux class and permission values
and string names.
security_check_context (3) - check the validity of a SELinux context
security_class_to_string (3) - convert between SELinux class and permission
values and string names.
security_commit_booleans (3) - routines for manipulating SELinux boolean
values
security_compute_av (3) - query the SELinux policy database in the kernel.
security_compute_create (3) - query the SELinux policy database in the
kernel.
security_compute_member (3) - query the SELinux policy database in the
kernel.
security_compute_relabel (3) - query the SELinux policy database in the
kernel.
security_compute_user (3) - query the SELinux policy database in the kernel.
security_get_boolean_active (3) - routines for manipulating SELinux boolean
values
security_get_boolean_names (3) - routines for manipulating SELinux boolean
values
security_get_boolean_pending (3) - routines for manipulating SELinux boolean
values
security_get_initial_context (3) - query the SELinux policy database in the
kernel.
security_getenforce (3) - get or set the enforcing state of SELinux
security_load_booleans (3) - routines for manipulating SELinux boolean
values
security_load_policy (3) - load a new SELinux policy
security_policyvers (3) - get the version of the SELinux policy
security_set_boolean (3) - routines for manipulating SELinux boolean values
security_setenforce (3) - get or set the enforcing state of SELinux
selabel_close (3)    - userspace SELinux labeling interface.
selabel_lookup (3)   - obtain SELinux security context from a string label.
selabel_open (3)     - userspace SELinux labeling interface.
selabel_stats (3)    - obtain SELinux labeling statistics.
selinux_binary_policy_path (3) - These functions return the paths to the
active SELinux policy configuration ...
selinux_booleans_path (3) - These functions return the paths to the active
SELinux policy configuration direc...
selinux_check_securetty_context (3) - check whether a SELinux tty security
context is defined as a securetty ...
selinux_contexts_path (3) - These functions return the paths to the active
SELinux policy configuration direc...
selinux_default_context_path (3) - These functions return the paths to the
active SELinux policy configuratio...
selinux_failsafe_context_path (3) - These functions return the paths to the
active SELinux policy configurati...
selinux_file_context_path (3) - These functions return the paths to the
active SELinux policy configuration d...
selinux_getenforcemode (3) - get the enforcing state of SELinux
selinux_media_context_path (3) - These functions return the paths to the
active SELinux policy configuration ...
selinux_policy_root (3) - return the path of the SELinux policy files for
this machine.
selinux_removable_context_path (3) - These functions return the paths to the
active SELinux policy configurat...
selinux_securetty_types_path (3) - These functions return the paths to the
active SELinux policy configuratio...
selinux_set_callback (3) - userspace SELinux callback facilities.
selinux_user_contexts_path (3) - These functions return the paths to the
active SELinux policy configuration ...
set_matchpathcon_printf (3) - get the default SELinux security context for
the specified path from the file c...
setcon (3)           - get SELinux security context of a process.
setexeccon (3)       - get or set the SELinux security context used for
executing a new process.
setfilecon (3)       - set SELinux security context of a file
setfscreatecon (3)   - get or set the SELinux security context used for
creating a new file system object.
sidget (3)           - obtain and manipulate SELinux security ID's.
sidput (3)           - obtain and manipulate SELinux security ID's.
string_to_av_perm (3) - convert between SELinux class and permission values
and string names.
string_to_security_class (3) - convert between SELinux class and permission
values and string names

