Tips for Taming SE Linux, Part Two
Dec 05, 2007, 08:30 (0 Talkback[s])
(Other stories by Carla Schroder)
"Last week we took the eagle's eye view of the principles behind
SELinux. Today we'll dig a bit more deeply into SELinux policies,
and then fire up Fedora 8 and see what SELinux looks like in
practice. I recommend using the latest Fedora version as a SELinux
training tool, because Fedora has the most mature implementation
and userspace tools. Red Hat Enterprise Linux and CentOS, the
leading Red Hat clone, have similar SELinux setups to Fedora.
Gentoo also has a nice SELinux implementation. I don't recommend
starting from scratch. Start with a working setup, and then plan to
spend considerable time learning your way around it, because it is
a big complex beast.
"It's not that SELinux itself is so complex; it's the scale of
it. SELinux wants to touch every file and process on your system.
Fedora, RHEL, and Gentoo come with prefab policies, and this is a
good thing because writing SELinux policies is a large