Video tutorial for installing and activating SELinux on Debian

admin on July 7th, 2008 | File Under Debian, Linux Server Tips -

This is a good video that guides you through installing and activating SELinux in a few minutes. "I made this video to show how easy it is to install and activate Security Enhanced Linux on Debian," the poster said. Read More »


Writing policy for confined SELinux users

admin on July 3rd, 2008 | File Under Linux articles, Recommended -

Last month, I wrote about confining the user with SELinux. I explained that–as of Fedora 9–SELinux supports the concept of the confined user and comes with 5 confined user types defined.

  • guest_t – Terminal login, nosetuid, nonetwork, noxwindows, noexec in homedir
  • xguest_t – X Windows login and terminal login, nosetuid, nonetwork, noexec in homedir
  • user_t – X Windows login and terminal login, nosetuid, noexec in homedir
  • staff_t – X Windows login and terminal login, nosetuid except sudo
  • unconfined_t – Full login, able to run with almost all privileges, as with SELinux disabled

These confined users are a great starting point, but what if you want to create a confined user with different privileges?

I want to create a limited privilege terminal login user with the ability to send mail and read/write files in the /maildir directory.

My son Timothy uses his confined xguest account, but is not happy because he wants to communicate with his friends using AOL.

Fedora 9 has the solution. The SELinux management environment (system-config-selinux) has been updated and includes the ability to build customized SELinux policy modules for the confinement of users.

Remember, this tool is just a wizard: it helps create a framework for building policy. You can then use tools like audit2allow or the package eclipse-slide for further editing of the policy. This will give you a good head start.
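Before writing a new module it helps to know which logins already map to which confined SELinux user, since a custom user type only matters for accounts that are actually assigned to it. The following Python script is an added example, not code from this article or from Fedora: it parses the output of `semanage login -l` (the listing embedded here is constructed, not captured from a real host) and reports the login domain each account would receive, flagging accounts that remain unconfined. The mapping from SELinux user identities (`guest_u`, `xguest_u`, `user_u`, `staff_u`, `unconfined_u`) to the domains listed above is assumed from the targeted policy's naming convention.

```python
"""Audit Linux login -> SELinux user mappings from `semanage login -l` output.

Added example: parses the constructed listing below and reports which
confined domain each login lands in, flagging logins that remain unconfined.
"""

# Confined user identity -> default login domain for the types the article lists.
# Assumption: identity names follow the targeted policy convention
# (an xxx_u identity logs in to the xxx_t domain).
SEUSER_TO_DOMAIN = {
    "guest_u": "guest_t",
    "xguest_u": "xguest_t",
    "user_u": "user_t",
    "staff_u": "staff_t",
    "unconfined_u": "unconfined_t",
}

# Constructed sample of `semanage login -l` output (not from a real system).
SAMPLE_LISTING = """\
Login Name                SELinux User              MLS/MCS Range

__default__               unconfined_u              s0-s0:c0.c1023
root                      unconfined_u              s0-s0:c0.c1023
system_u                  system_u                  s0-s0:c0.c1023
timothy                   xguest_u                  s0
helpdesk                  staff_u                   s0
"""


def parse_semanage_login(listing):
    """Return {login: selinux_user} parsed from `semanage login -l` text."""
    mappings = {}
    for line in listing.splitlines():
        fields = line.split()
        # Skip the header row, blank lines and anything malformed.
        if len(fields) < 2 or fields[0] == "Login":
            continue
        mappings[fields[0]] = fields[1]
    return mappings


def audit_logins(listing):
    """Return a sorted list of (login, selinux_user, domain, finding) tuples.

    `domain` is the login domain the account runs in; `finding` is a short
    note when the account is not confined.  system_u is the identity used by
    daemons rather than interactive logins, so it is reported without a domain.
    """
    report = []
    for login, seuser in sorted(parse_semanage_login(listing).items()):
        domain = SEUSER_TO_DOMAIN.get(seuser)
        if seuser == "unconfined_u":
            if login == "__default__":
                finding = "every account without an explicit mapping is unconfined"
            else:
                finding = "unconfined login"
        elif domain is None:
            finding = "no login domain (not an interactive user identity)"
        else:
            finding = ""
        report.append((login, seuser, domain, finding))
    return report


def unconfined_logins(listing):
    """Logins (including __default__) that map to unconfined_u."""
    return [login for login, seuser, _, _ in audit_logins(listing)
            if seuser == "unconfined_u"]


if __name__ == "__main__":
    for login, seuser, domain, finding in audit_logins(SAMPLE_LISTING):
        print(f"{login:<14} {seuser:<14} {domain or '-':<14} {finding}")
```

On a live host, feed the script the real listing (`semanage login -l`) instead of `SAMPLE_LISTING`; the `__default__` row is the one to watch, because it decides which domain every account without an explicit mapping gets.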

In the toolbar panel select:

System->Administration->SELinux Management

This starts system-config-selinux.

Fig 1

Select Policy Module and then Select the New button.

Read complete article…
