SELinux Quick Start Guide


Table of Contents
1. Introduction
2. SELinux Overview
2.1. History
2.2. The SELinux Security Model
2.3. Security Contexts
2.3.1. User Identities
2.3.2. Roles
2.3.3. Domains and Types
2.4. Security Policies
2.4.1. Access Decisions
2.4.2. Transition Decisions
2.5. Requirements
2.5.1. Kernel
2.5.2. Shared Library
2.5.3. Filesystems and Extended Attributes
2.5.4. User Utilities
2.5.5. SELinux Policy
3. Administration
3.1. Disabling SELinux
3.2. SELinux Commands
3.2.1. chcon
3.2.2. checkpolicy
3.2.3. fixfiles
3.2.4. getenforce
3.2.5. newrole
3.2.6. restorecon
3.2.7. run_init
3.2.8. sestatus
3.2.9. setenforce
3.2.10. setsebool
3.2.11. seuser
3.3. Modified Linux Commands
3.3.1. cp
3.3.2. id
3.3.3. ls
3.3.4. mv
3.3.5. ps
3.3.6. cron
3.3.7. rsync
3.3.8. ssh
3.3.9. tar
3.3.10. logrotate
3.3.11. Password Related Commands
3.4. The /selinux Filesystem
3.5. Filesystem Relabeling
3.6. Logging and Auditing
3.6.1. Reading Log Entries
3.6.2. audit2allow
3.6.3. Log Rate Limiting
4. SELinux Policy
4.1. Policy Rules
4.1.1. type
4.1.2. allow
4.1.3. auditallow
4.1.4. dontaudit
4.1.5. neverallow
4.2. Policy Macros
4.3. File Contexts
4.4. Compiling Policy
4.5. Policy Booleans
4.6. Policy Development Example
4.6.1. Localized customization
4.6.2. Daemon Policy Example
A. Resources
B. mysqld.te Policy Source