Enterprise Linux Log

Aug 22 2007   11:31AM GMT

A step-by-step guide to building a new SELinux policy module


REd Hat Magazine article excpertAre people still terrified of SELinux? Of its complicated policy module creation and rules by the fist mentality over Linux systems? Oh right, they are. That’s why over the past year every conference I’ve attended had a session about SELinux and how much easier it is to use than it was last year.

Red Hat Magazine editor and SELinux guru Dan Walsh:

“Who’s afraid of SELinux? Well, if you are, you shouldn’t be! Thanks to the introduction of new GUI tools, customizing your system’s protection by creating new policy modules is easier than ever. In this article, Dan Walsh gently walks you through the policy module creation process.

A lot of people think that building a new SELinux policy is magic, but magic tricks never seem quite as difficult once you know how they’re done. This article explains how I build a policy module and gives you the step-by-step process for using the tools to build your own.”

Hmm, magic. Good one. I think when SELinux does work as advertised you’d be hard pressed to find a Linux administrator who doesn’t attribute some of that success to the Black Arts.

Does SELInux work? Is it really powerful? You bet it is, but maybe *too* powerful since users are routinely switching it off when it doesn’t allow them to do anything with their own systems.

Luckily for you RHEL users out there, Walsh goes beyond magic tricks and lays out a step-by-step explainer for SELinux policy module creation in his latest article at Red Hat Magazine. He advises users to start small, use new tools like polgengui, and then he just goes crazy with the steps (complete with screen grabs for the visual learners, like myself).

It’s a good read, and if my experience with Walsh is any indication (I’ve seen his presentation at the Red Hat Summit), there will be more to follow.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: