SELinux - Finding info

November 13, 2012 - 2 min read
Old and probably not relevant

This post is around for historical reasons. I'm sure there is now (in 2021) much better blogs dedicated to selinux

If you look around the interwebs for SELinux information you will probably look around for a while and after some hours you will ask yourself why most of it is from 2006. To be honest, I really don't know. But if you think SELinux is dead because of this, think again. SELinux is very much alive. But one reason might be that SELinux is really stable and have proven so over a long time. That is why my theory is that it is more of less, done. There is no need to add features, its not needed. That being said, having a nice interface to write SELinux policies in will be more than welcome.

I will write a couple of blog articles from time to time about SELinux. So this entry is just to show you where I have found different information, and why I looked for exactly that info.

  • Eli Billauer have a really great blog post about creating SELinux policies. Read it!
  • danwalsh blog is a blog by Dan Walsh mostly about SELinux stuff.
  • tresys refpolicy api is at the one and only reference guide.
  • tresys refpolicy kernel files is a list of interfaces mostly used. Like file_types(), and its siblings. You can't really create policy modules without them as they define how your file/socket * whatever should act as. Deserves its own mention.
  • tresys refpolicy is a reference policy you can download.
  • tresys slide looks like a promising IDE. Is last updated in 2009 or something..
  • nsa docs is a list of resources.
  • nsa policy language is one of the very few places you can actually get a list of available policy module macros.
  • fedora policygentools a list of some tools to help you create policies. Mostly old stuff.

Added: 16. Nov 2012