lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHC9VhQc0_dzTR0LMOqnkEjAC8DEFV6_fwAcVH+ayTiTo8udAA@mail.gmail.com>
Date:   Wed, 17 May 2017 16:08:08 -0400
From:   Paul Moore <paul@...l-moore.com>
To:     Kees Cook <keescook@...omium.org>, Jonathan Corbet <corbet@....net>
Cc:     John Johansen <john.johansen@...onical.com>,
        Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
        David Howells <dhowells@...hat.com>,
        Mimi Zohar <zohar@...ux.vnet.ibm.com>,
        Casey Schaufler <casey@...aufler-ca.com>,
        James Morris <james.l.morris@...cle.com>,
        Tyler Hicks <tyhicks@...onical.com>,
        David Safford <safford@...ibm.com>, linux-doc@...r.kernel.org,
        linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 08/17] doc: ReSTify SELinux.txt

On Sat, May 13, 2017 at 7:51 AM, Kees Cook <keescook@...omium.org> wrote:
> Adjusts for ReST markup and moves under LSM admin guide.
>
> Cc: Paul Moore <paul@...l-moore.com>
> Signed-off-by: Kees Cook <keescook@...omium.org>
> ---
>  .../SELinux.txt => admin-guide/LSM/SELinux.rst}        | 18 ++++++++++++------
>  Documentation/admin-guide/LSM/index.rst                |  5 +++++
>  Documentation/security/00-INDEX                        |  2 --
>  MAINTAINERS                                            |  1 +
>  scripts/selinux/README                                 |  2 +-
>  5 files changed, 19 insertions(+), 9 deletions(-)
>  rename Documentation/{security/SELinux.txt => admin-guide/LSM/SELinux.rst} (71%)

I'm not sure if this has already been merged, but in case it hasn't
feel free to add my sign-off.  Thanks Kees.

Signed-off-by: Paul Moore <paul@...l-moore.com>

> diff --git a/Documentation/security/SELinux.txt b/Documentation/admin-guide/LSM/SELinux.rst
> similarity index 71%
> rename from Documentation/security/SELinux.txt
> rename to Documentation/admin-guide/LSM/SELinux.rst
> index 07eae00f3314..f722c9b4173a 100644
> --- a/Documentation/security/SELinux.txt
> +++ b/Documentation/admin-guide/LSM/SELinux.rst
> @@ -1,27 +1,33 @@
> +=======
> +SELinux
> +=======
> +
>  If you want to use SELinux, chances are you will want
>  to use the distro-provided policies, or install the
>  latest reference policy release from
> +
>         http://oss.tresys.com/projects/refpolicy
>
>  However, if you want to install a dummy policy for
> -testing, you can do using 'mdp' provided under
> +testing, you can do using ``mdp`` provided under
>  scripts/selinux.  Note that this requires the selinux
>  userspace to be installed - in particular you will
>  need checkpolicy to compile a kernel, and setfiles and
>  fixfiles to label the filesystem.
>
>         1. Compile the kernel with selinux enabled.
> -       2. Type 'make' to compile mdp.
> +       2. Type ``make`` to compile ``mdp``.
>         3. Make sure that you are not running with
>            SELinux enabled and a real policy.  If
>            you are, reboot with selinux disabled
>            before continuing.
> -       4. Run install_policy.sh:
> +       4. Run install_policy.sh::
> +
>                 cd scripts/selinux
>                 sh install_policy.sh
>
>  Step 4 will create a new dummy policy valid for your
>  kernel, with a single selinux user, role, and type.
> -It will compile the policy, will set your SELINUXTYPE to
> -dummy in /etc/selinux/config, install the compiled policy
> -as 'dummy', and relabel your filesystem.
> +It will compile the policy, will set your ``SELINUXTYPE`` to
> +``dummy`` in ``/etc/selinux/config``, install the compiled policy
> +as ``dummy``, and relabel your filesystem.
> diff --git a/Documentation/admin-guide/LSM/index.rst b/Documentation/admin-guide/LSM/index.rst
> index 7e892b9b58aa..cc0e04d63bf9 100644
> --- a/Documentation/admin-guide/LSM/index.rst
> +++ b/Documentation/admin-guide/LSM/index.rst
> @@ -29,3 +29,8 @@ will always include the capability module. The list reflects the
>  order in which checks are made. The capability module will always
>  be first, followed by any "minor" modules (e.g. Yama) and then
>  the one "major" module (e.g. SELinux) if there is one configured.
> +
> +.. toctree::
> +   :maxdepth: 1
> +
> +   SELinux
> diff --git a/Documentation/security/00-INDEX b/Documentation/security/00-INDEX
> index 190a023a7e72..aaa0195418b3 100644
> --- a/Documentation/security/00-INDEX
> +++ b/Documentation/security/00-INDEX
> @@ -1,7 +1,5 @@
>  00-INDEX
>         - this file.
> -SELinux.txt
> -       - how to get started with the SELinux security enhancement.
>  Smack.txt
>         - documentation on the Smack Linux Security Module.
>  Yama.txt
> diff --git a/MAINTAINERS b/MAINTAINERS
> index f2261713043c..c85108b4f6c7 100644
> --- a/MAINTAINERS
> +++ b/MAINTAINERS
> @@ -11551,6 +11551,7 @@ S:      Supported
>  F:     include/linux/selinux*
>  F:     security/selinux/
>  F:     scripts/selinux/
> +F:     Documentation/admin-guide/LSM/SELinux.rst
>
>  APPARMOR SECURITY MODULE
>  M:     John Johansen <john.johansen@...onical.com>
> diff --git a/scripts/selinux/README b/scripts/selinux/README
> index 4d020ecb7524..5ba679c5be18 100644
> --- a/scripts/selinux/README
> +++ b/scripts/selinux/README
> @@ -1,2 +1,2 @@
> -Please see Documentation/security/SELinux.txt for information on
> +Please see Documentation/admin-guide/LSM/SELinux.rst for information on
>  installing a dummy SELinux policy.
> --
> 2.7.4
>



-- 
paul moore
www.paul-moore.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ