A step-by-step guide to building a new SELinux policy module
Posted by: ITKE
Are people still terrified of SELinux? Of its complicated policy module creation and rule-by-the-fist mentality over Linux systems? Oh right, they are. That’s why, over the past year, every conference I’ve attended has had a session about SELinux and how much easier it is to use than it was last year.
Red Hat Magazine editor and SELinux guru Dan Walsh:
“Who’s afraid of SELinux? Well, if you are, you shouldn’t be! Thanks to the introduction of new GUI tools, customizing your system’s protection by creating new policy modules is easier than ever. In this article, Dan Walsh gently walks you through the policy module creation process.
A lot of people think that building a new SELinux policy is magic, but magic tricks never seem quite as difficult once you know how they’re done. This article explains how I build a policy module and gives you the step-by-step process for using the tools to build your own.”
Hmm, magic. Good one. I think when SELinux does work as advertised you’d be hard pressed to find a Linux administrator who doesn’t attribute some of that success to the Black Arts.
Does SELinux work? Is it really powerful? You bet it is, but maybe *too* powerful, since users are routinely switching it off when it doesn’t allow them to do anything with their own systems.
Luckily for you RHEL users out there, Walsh goes beyond magic tricks and lays out a step-by-step explainer for SELinux policy module creation in his latest article at Red Hat Magazine. He advises users to start small, use new tools like polgengui, and then he just goes crazy with the steps (complete with screen grabs for the visual learners, like myself).
It’s a good read, and if my experience with Walsh is any indication (I’ve seen his presentation at the Red Hat Summit), there will be more to follow.




