Mailing List Archive: Feedback on updated SELinux docs

Feedback on updated SELinux docs

May 25, 2014, 1:13 AM

Post #1 of 3 (1534 views)

Overall, it looks really good. Kudos for a job well done.

I put in a couple of edits to try to improve a couple parts that seemed
a little hard to follow, but the main area for improvement I see is that
policy types are not discussed as a core concept. "Users and logins" mentions
targeted policy in the context of unconfined_u, but there's no preceding
section that could be linked in as a reference for more information.
The "expert" section on policy store does mention the standard policy types,
but it seems important enough topic that it deserves a mention in the
intro article (in particular, enough to guide user on choice between strict
and targeted).

Re: Feedback on updated SELinux docs [ In reply to ]

swift at gentoo

May 26, 2014, 12:02 AM

Post #2 of 3 (1466 views)

Permalink

On Sun, May 25, 2014 at 01:13:58AM -0700, S. Lockwood-Childs wrote:
> Overall, it looks really good. Kudos for a job well done.
>
> I put in a couple of edits to try to improve a couple parts that seemed
> a little hard to follow, but the main area for improvement I see is that
> policy types are not discussed as a core concept. "Users and logins" mentions
> targeted policy in the context of unconfined_u, but there's no preceding
> section that could be linked in as a reference for more information.
> The "expert" section on policy store does mention the standard policy types,
> but it seems important enough topic that it deserves a mention in the
> intro article (in particular, enough to guide user on choice between strict
> and targeted).

Hi

Thanks for the feedback and the edits.

I was hoping that policy stores were sufficiently documented in the
installation instructions [1] as most users will not need to switch types
afterwards.

[1]
https://wiki.gentoo.org/wiki/SELinux/Installation#Choosing_a_SELinux_policy_type

I am considering moving the policy document [2] to the user guides though. I
could enhance that document with more information about policy stores as
well without touching on the more in-depth feedback that is in the policy
store document [3]

[2] https://wiki.gentoo.org/wiki/SELinux/Policy
[3] https://wiki.gentoo.org/wiki/SELinux/Policy_store

Wkr,
Sven Vermeulen

Re: Feedback on updated SELinux docs [ In reply to ]

sjl at dent

May 26, 2014, 1:17 PM

Post #3 of 3 (1474 views)

Permalink

On Mon, May 26, 2014 at 07:02:10AM +0000, Sven Vermeulen wrote:
> On Sun, May 25, 2014 at 01:13:58AM -0700, S. Lockwood-Childs wrote:
> > Overall, it looks really good. Kudos for a job well done.
> >
> > I put in a couple of edits to try to improve a couple parts that seemed
> > a little hard to follow, but the main area for improvement I see is that
> > policy types are not discussed as a core concept. "Users and logins" mentions
> > targeted policy in the context of unconfined_u, but there's no preceding
> > section that could be linked in as a reference for more information.
> > The "expert" section on policy store does mention the standard policy types,
> > but it seems important enough topic that it deserves a mention in the
> > intro article (in particular, enough to guide user on choice between strict
> > and targeted).
>
> Hi
>
> Thanks for the feedback and the edits.
>
> I was hoping that policy stores were sufficiently documented in the
> installation instructions [1] as most users will not need to switch types
> afterwards.
>
> [1]
> https://wiki.gentoo.org/wiki/SELinux/Installation#Choosing_a_SELinux_policy_type
>
> I am considering moving the policy document [2] to the user guides though. I
> could enhance that document with more information about policy stores as
> well without touching on the more in-depth feedback that is in the policy
> store document [3]
>
> [2] https://wiki.gentoo.org/wiki/SELinux/Policy
> [3] https://wiki.gentoo.org/wiki/SELinux/Policy_store

Sounds like a good idea to me. Policy belongs as a core concept for new
users, rather than just getting a mention during installation. The section
under installation does look pretty clear, something like that would go well
in the to-be-transplanted Policy section.