Gentoo Archives: gentoo-hardened

From: "S. Lockwood-Childs" <sjl@××××××××××××.com>
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] Feedback on updated SELinux docs
Date: Mon, 26 May 2014 20:12:07
Message-Id: 20140526201746.GZ3034@dent.vctlabs.com
In Reply to: Re: [gentoo-hardened] Feedback on updated SELinux docs by Sven Vermeulen
On Mon, May 26, 2014 at 07:02:10AM +0000, Sven Vermeulen wrote:
> On Sun, May 25, 2014 at 01:13:58AM -0700, S. Lockwood-Childs wrote:
> > Overall, it looks really good. Kudos for a job well done.
> >
> > I put in a couple of edits to try to improve a couple parts that seemed
> > a little hard to follow, but the main area for improvement I see is that
> > policy types are not discussed as a core concept. "Users and logins" mentions
> > targeted policy in the context of unconfined_u, but there's no preceding
> > section that could be linked in as a reference for more information.
> > The "expert" section on policy store does mention the standard policy types,
> > but it seems an important enough topic that it deserves a mention in the
> > intro article (in particular, enough to guide the user on the choice between strict
> > and targeted).
>
> Hi
>
> Thanks for the feedback and the edits.
>
> I was hoping that policy stores were sufficiently documented in the
> installation instructions [1] as most users will not need to switch types
> afterwards.
>
> [1]
> https://wiki.gentoo.org/wiki/SELinux/Installation#Choosing_a_SELinux_policy_type
>
> I am considering moving the policy document [2] to the user guides though. I
> could enhance that document with more information about policy stores as
> well without touching on the more in-depth feedback that is in the policy
> store document [3]
>
> [2] https://wiki.gentoo.org/wiki/SELinux/Policy
> [3] https://wiki.gentoo.org/wiki/SELinux/Policy_store

Sounds like a good idea to me. Policy belongs as a core concept for new
users, rather than just getting a mention during installation. The section
under installation does look pretty clear, something like that would go well
in the to-be-transplanted Policy section.