SELinux Policy Analysis

From CDOT Wiki
Jump to: navigation, search

SELinux Policy Analysis

Project Description

The SELinux policy has never been reviewed to determine best practices for policy in a general-distribution context such as Fedora. This project provides such a policy review. It will also propose a packaged SELinux policy for an application that does not yet have one.

Project Leader(s): Peter Valerio
Wiki Page: User:Pvalerio
IRC: pvalerio

Project Contributor(s) =

Project Details

Project Plan

Tracking mechanism (bugzilla, trac, github, ...):

Key contacts:

Goals for each release and plans for reaching those goals:

  • 0.1

Download and install the source rpm for the SELinux policy and study the policy source file. Look at the policy source code used by Fedora 17 and report on (a) what domains, file contexts and SELinux users have been defined (b) classification of each domain (c) what applications, system services, etc had been confined by SELinux policy on Fedora 17

Link to source rpm: http://koji.fedoraproject.org/koji/buildinfo?buildID=363460

  • 0.2

Investigate and report on the steps Fedora takes to add new policy modules to newer Fedora releases.

  • 0.3

Attempt to write and package an SELinux policy for an application that does not yet have one. (SQLite)

Communication

Mailing Lists

Upsteam Wiki and Web

Links/Bugs/Tracking

SElinux download: [1]

Source Code Control

Blogs

Seneca Particpants

Non-Seneca Participants

Planets

Project News