Information Plan

• Existing Red Hat Knowledgebase articles.

Purpose of the documentation

Provide administrators with a guide that details how to work with and manage confined services in Fedora 11. Documentation will cover:

• brief introduction to SELinux.
• performing system administration tasks without turning SELinux off.
• troubleshoot issues (include Red Hat Bugzilla and permissive domains).
• allow administrators to manage SELinux without employing someone else to do so.

Audience

System administrators.

Audience goals

Perform system administration tasks without turning SELinux off:

• share files via Samba, FTP, NFS, and HTTP.
• share files between multiple services.
• manage BIND (for example, accept zone updates).
• label files so that services can access them (semanage fcontext).
• customize the ports services listen on (semanage port -a).
• use non-default directories to store files for services.

Table of Contents ideas

1. Introduction

- brief introduction to SELinux.
- brief introduction to confined and unconfined services.

2. Apache HTTP Server
- what httpd is and does.
	2.1 The Apache HTTP Server and SELinux
	- explain default behavior:
				  * ports to listen on (http_port_t).
				  * files/directories httpd can and cannot access.
	2.2. Types
                 - how to list them.
		 - defined types.
		 - how to change them and when to change them (chcon, semanage).

	2.3. Booleans
		- how to list httpd related Booleans.
		- describe each Boolean.
		- getsebool and setsebool.

	2.4. Configuration examples
		- see man pages.
		- non-default directories for services.
		- customized port numbers.
		- sharing files.

Repeat #2 for Samba, FTP, NFS, BIND, etc...

X. Troubleshooting