SELinux Policy Analysis
SELinux Policy Analysis
Project Description
The SELinux policy has never been reviewed to determine best practices for policy in a general-distribution context such as Fedora. This project provides such a policy review. It will also propose a packaged SELinux policy for an application that does not yet have one.
Project Leader(s): Peter Valerio
Wiki Page: User:Pvalerio
IRC: pvalerio
Project Contributor(s) =
Project Details
Project Plan
Tracking mechanism (bugzilla, trac, github, ...):
Key contacts:
Goals for each release and plans for reaching those goals:
- 0.1
Download and install the source rpm for the SELinux policy and study the policy source file. Look at the policy source code used by Fedora 17 and report on (a) what domains, file contexts and SELinux users have been defined (b) classification of each domain (c) what applications, system services, etc had been confined by SELinux policy on Fedora 17
Link to source rpm: http://koji.fedoraproject.org/koji/buildinfo?buildID=363460
- 0.2
Investigate and report on the steps Fedora takes to add new policy modules to newer Fedora releases.
- 0.3
Attempt to write and package an SELinux policy for an application that does not yet have one. (SQLite)
Communication
Mailing Lists
Upsteam Wiki and Web
Links/Bugs/Tracking
SElinux download: [1]