Information Plan
* Existing Red Hat !KnowledgeBase articles: <http://www.redhat.com/search?q=selinux&site=redhat_kbase&asp_charset=ISO-8859-1&filter=0&client=kbase&proxystylesheet=kbase&lr=lang_en>.
Purpose of the documentation
Provide administrators with a guide that details how to work with and manage confined services in Fedora 11. Documentation will cover:
* brief introduction to SELinux.
* performing system administration tasks without turning SELinux off.
* troubleshoot issues (include Red Hat Bugzilla and permissive domains).
* allow administrators to manage SELinux without employing someone else to do so.
Audience
System administrators.
Audience goals
Perform system administration tasks without turning SELinux off:
* share files via Samba, FTP, NFS, and HTTP.
* share files between multiple services.
* manage BIND (for example, accept zone updates).
* label files so that services can access them (semanage fcontext).
* customize the ports services listen on (semanage port -a).
* use non-default directories to store files for services.
Table of Contents ideas
{{{
1. Introduction
 - brief introduction to SELinux.
 - brief introduction to confined and unconfined services.

2. Apache HTTP Server
 - what httpd is and does.

2.1. The Apache HTTP Server and SELinux
 - explain default behavior:
   * ports to listen on (http_port_t).
   * files/directories httpd can and cannot access.

2.2. Types
 - how to list them.
 - defined types.
 - how to change them and when to change them (chcon, semanage).

2.3. Booleans
 - how to list httpd related Booleans.
 - describe each Boolean.
 - getsebool and setsebool.

2.4. Configuration examples
 - see man pages.
 - non-default directories for services.
 - customized port numbers.
 - sharing files.

Repeat #2 for Samba, FTP, NFS, BIND, etc...

X. Troubleshooting
}}}