[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHC9VhQc0_dzTR0LMOqnkEjAC8DEFV6_fwAcVH+ayTiTo8udAA@mail.gmail.com>
Date: Wed, 17 May 2017 16:08:08 -0400
From: Paul Moore <paul@...l-moore.com>
To: Kees Cook <keescook@...omium.org>, Jonathan Corbet <corbet@....net>
Cc: John Johansen <john.johansen@...onical.com>,
Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
David Howells <dhowells@...hat.com>,
Mimi Zohar <zohar@...ux.vnet.ibm.com>,
Casey Schaufler <casey@...aufler-ca.com>,
James Morris <james.l.morris@...cle.com>,
Tyler Hicks <tyhicks@...onical.com>,
David Safford <safford@...ibm.com>, linux-doc@...r.kernel.org,
linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 08/17] doc: ReSTify SELinux.txt
On Sat, May 13, 2017 at 7:51 AM, Kees Cook <keescook@...omium.org> wrote:
> Adjusts for ReST markup and moves under LSM admin guide.
>
> Cc: Paul Moore <paul@...l-moore.com>
> Signed-off-by: Kees Cook <keescook@...omium.org>
> ---
> .../SELinux.txt => admin-guide/LSM/SELinux.rst} | 18 ++++++++++++------
> Documentation/admin-guide/LSM/index.rst | 5 +++++
> Documentation/security/00-INDEX | 2 --
> MAINTAINERS | 1 +
> scripts/selinux/README | 2 +-
> 5 files changed, 19 insertions(+), 9 deletions(-)
> rename Documentation/{security/SELinux.txt => admin-guide/LSM/SELinux.rst} (71%)
I'm not sure if this has already been merged, but in case it hasn't
feel free to add my sign-off. Thanks Kees.
Signed-off-by: Paul Moore <paul@...l-moore.com>
> diff --git a/Documentation/security/SELinux.txt b/Documentation/admin-guide/LSM/SELinux.rst
> similarity index 71%
> rename from Documentation/security/SELinux.txt
> rename to Documentation/admin-guide/LSM/SELinux.rst
> index 07eae00f3314..f722c9b4173a 100644
> --- a/Documentation/security/SELinux.txt
> +++ b/Documentation/admin-guide/LSM/SELinux.rst
> @@ -1,27 +1,33 @@
> +=======
> +SELinux
> +=======
> +
> If you want to use SELinux, chances are you will want
> to use the distro-provided policies, or install the
> latest reference policy release from
> +
> http://oss.tresys.com/projects/refpolicy
>
> However, if you want to install a dummy policy for
> -testing, you can do using 'mdp' provided under
> +testing, you can do using ``mdp`` provided under
> scripts/selinux. Note that this requires the selinux
> userspace to be installed - in particular you will
> need checkpolicy to compile a kernel, and setfiles and
> fixfiles to label the filesystem.
>
> 1. Compile the kernel with selinux enabled.
> - 2. Type 'make' to compile mdp.
> + 2. Type ``make`` to compile ``mdp``.
> 3. Make sure that you are not running with
> SELinux enabled and a real policy. If
> you are, reboot with selinux disabled
> before continuing.
> - 4. Run install_policy.sh:
> + 4. Run install_policy.sh::
> +
> cd scripts/selinux
> sh install_policy.sh
>
> Step 4 will create a new dummy policy valid for your
> kernel, with a single selinux user, role, and type.
> -It will compile the policy, will set your SELINUXTYPE to
> -dummy in /etc/selinux/config, install the compiled policy
> -as 'dummy', and relabel your filesystem.
> +It will compile the policy, will set your ``SELINUXTYPE`` to
> +``dummy`` in ``/etc/selinux/config``, install the compiled policy
> +as ``dummy``, and relabel your filesystem.
> diff --git a/Documentation/admin-guide/LSM/index.rst b/Documentation/admin-guide/LSM/index.rst
> index 7e892b9b58aa..cc0e04d63bf9 100644
> --- a/Documentation/admin-guide/LSM/index.rst
> +++ b/Documentation/admin-guide/LSM/index.rst
> @@ -29,3 +29,8 @@ will always include the capability module. The list reflects the
> order in which checks are made. The capability module will always
> be first, followed by any "minor" modules (e.g. Yama) and then
> the one "major" module (e.g. SELinux) if there is one configured.
> +
> +.. toctree::
> + :maxdepth: 1
> +
> + SELinux
> diff --git a/Documentation/security/00-INDEX b/Documentation/security/00-INDEX
> index 190a023a7e72..aaa0195418b3 100644
> --- a/Documentation/security/00-INDEX
> +++ b/Documentation/security/00-INDEX
> @@ -1,7 +1,5 @@
> 00-INDEX
> - this file.
> -SELinux.txt
> - - how to get started with the SELinux security enhancement.
> Smack.txt
> - documentation on the Smack Linux Security Module.
> Yama.txt
> diff --git a/MAINTAINERS b/MAINTAINERS
> index f2261713043c..c85108b4f6c7 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -11551,6 +11551,7 @@ S: Supported
> F: include/linux/selinux*
> F: security/selinux/
> F: scripts/selinux/
> +F: Documentation/admin-guide/LSM/SELinux.rst
>
> APPARMOR SECURITY MODULE
> M: John Johansen <john.johansen@...onical.com>
> diff --git a/scripts/selinux/README b/scripts/selinux/README
> index 4d020ecb7524..5ba679c5be18 100644
> --- a/scripts/selinux/README
> +++ b/scripts/selinux/README
> @@ -1,2 +1,2 @@
> -Please see Documentation/security/SELinux.txt for information on
> +Please see Documentation/admin-guide/LSM/SELinux.rst for information on
> installing a dummy SELinux policy.
> --
> 2.7.4
>
--
paul moore
www.paul-moore.com
Powered by blists - more mailing lists