The SELinux Notebook - The Foundations by Richard Haines
English | 2018 | ASIN: B07DTVYXWD | MOBI | 1.82 MB
Richard Haines wrote: This 3rd edition of the SELinux Notebook should help with explaining:
a) SELinux and its purpose in life.
b) The LSM / SELinux architecture, its supporting services and how they are implemented within GNU / Linux.
c) SELinux Networking, Virtual Machine, X-Windows, PostgreSQL and Apache/SELinux-Plus SELinux-aware capabilities.
d) The core SELinux policy language and how basic policy modules can be constructed for instructional purposes.
e) The core SELinux policy management tools with examples of usage.
f) The Reference Policy architecture, its supporting services and how it is implemented.
g) The integration of SELinux within Android - SEAndroid.
To demonstrate some of the SELinux capabilities, a supporting Notebook source tarball is available (notebook-source-3.0.tar.gz) that contains:
a) Building a Basic Policy - Describes how to build monolithic, base and loadable policy modules using core policy language statements and SELinux commands. This expands to a simple message filter using SECMARK, NetLabel and Labeled IPSec.
b) Example libselinux applications - This contains over 100 samples that use all libselinux 2.1.6 functions. There are also some supporting policy modules for the Fedora 16/17 targeted policy to show how the functions work.
c) Experimenting with X-Windows - Builds a sample selection manager application, a simple test application for the XSELinux extension Get/Set functions.
d) Experimenting with PostgreSQL 9.1 using sepgsql - This shows how to create a simple database that uses SELinux functionality. This is then expanded to demonstrate adding additional functions to support libselinux. There are also demos using Apache with threads (mod_selinux), PHP, Labeled IPSec and NetLabel. The policy modules supplied have been tested using Fedora 16/17 targeted policy.