Difference between revisions of "SELinux Policy Analysis"

From CDOT Wiki
Jump to: navigation, search
(Links/Bugs/Tracking)
 
(4 intermediate revisions by 2 users not shown)
Line 3: Line 3:
  
 
== Project Description ==
 
== Project Description ==
 
+
The SELinux policy has never been reviewed to determine best practices for policy in a general-distribution context such as Fedora. This project provides such a policy review. It will also propose a packaged SELinux policy for an application that does not yet have one.
 
<!-- Description should be no longer than a paragraph.  Include links to any relevant on-line resources.  For example, [http://fedoraproject.org/wiki] or [http://developer.mozilla.org MDC]. -->
 
<!-- Description should be no longer than a paragraph.  Include links to any relevant on-line resources.  For example, [http://fedoraproject.org/wiki] or [http://developer.mozilla.org MDC]. -->
  
<sub></sub>== Project Leader(s) ==
+
<sub></sub> Project Leader(s): '''Peter Valerio''' <br />  
 
+
Wiki Page: [[User:Pvalerio]]<br />
'''Jamal Jalali''' <br />
+
IRC: pvalerio<br />
Wiki Page: [[User:Jamal_Jalali-Dolatshahi]]<br />
 
IRC: jjalali<br />
 
 
 
'''Zhi Chang Ou'''<br />
 
Wiki Page: [[User: Zhi Chang Ou]]<br />
 
IRC: maximum
 
  
 
= Project Contributor(s) ==
 
= Project Contributor(s) ==
Line 36: Line 30:
 
<!-- Note: each contributor is expected to have unique goals. These goals may be ''related'' to other students' work, but must be ''distinct'' and ''attainable'' regardless of the state of the other students' work. For example, under the umbrella of one project title, one student may work on packaging a piece of software and another may work on documentation, or one may work on solving one bug and another on solving another bug, but two students must not work on the same bug or depend on the other students' work in order to be able to complete their own project. -->
 
<!-- Note: each contributor is expected to have unique goals. These goals may be ''related'' to other students' work, but must be ''distinct'' and ''attainable'' regardless of the state of the other students' work. For example, under the umbrella of one project title, one student may work on packaging a piece of software and another may work on documentation, or one may work on solving one bug and another on solving another bug, but two students must not work on the same bug or depend on the other students' work in order to be able to complete their own project. -->
 
* 0.1
 
* 0.1
 +
Download and install the source rpm for the SELinux policy and study the policy source file. Look at the policy source code used by Fedora 17 and report on
 +
(a) what domains, file contexts and SELinux users have been defined
 +
(b) classification of each domain
 +
(c) what applications, system services, etc had been confined by SELinux policy on Fedora 17
 +
 +
Link to source rpm: http://koji.fedoraproject.org/koji/buildinfo?buildID=363460
 +
 
* 0.2
 
* 0.2
 +
Investigate and report on the steps Fedora takes to add new policy modules to newer Fedora releases.
 
* 0.3
 
* 0.3
 +
Attempt to write and package an SELinux policy for an application that does not yet have one. (SQLite)
  
 
== Communication ==
 
== Communication ==
Line 48: Line 51:
  
 
=== Links/Bugs/Tracking ===
 
=== Links/Bugs/Tracking ===
SElinux download: [http://www.]
+
SElinux download: [http://koji.fedoraproject.org/koji/buildinfo?buildID=363460]
  
 
=== Source Code Control ===
 
=== Source Code Control ===

Latest revision as of 13:06, 5 November 2012

SELinux Policy Analysis

Project Description

The SELinux policy has never been reviewed to determine best practices for policy in a general-distribution context such as Fedora. This project provides such a policy review. It will also propose a packaged SELinux policy for an application that does not yet have one.

Project Leader(s): Peter Valerio
Wiki Page: User:Pvalerio
IRC: pvalerio

Project Contributor(s) =

Project Details

Project Plan

Tracking mechanism (bugzilla, trac, github, ...):

Key contacts:

Goals for each release and plans for reaching those goals:

  • 0.1

Download and install the source rpm for the SELinux policy and study the policy source file. Look at the policy source code used by Fedora 17 and report on (a) what domains, file contexts and SELinux users have been defined (b) classification of each domain (c) what applications, system services, etc had been confined by SELinux policy on Fedora 17

Link to source rpm: http://koji.fedoraproject.org/koji/buildinfo?buildID=363460

  • 0.2

Investigate and report on the steps Fedora takes to add new policy modules to newer Fedora releases.

  • 0.3

Attempt to write and package an SELinux policy for an application that does not yet have one. (SQLite)

Communication

Mailing Lists

Upsteam Wiki and Web

Links/Bugs/Tracking

SElinux download: [1]

Source Code Control

Blogs

Seneca Particpants

Non-Seneca Participants

Planets

Project News