diff options
Diffstat (limited to 'xml/selinux/index.xml')
| -rw-r--r-- | xml/selinux/index.xml | 156 |
1 files changed, 0 insertions, 156 deletions
diff --git a/xml/selinux/index.xml b/xml/selinux/index.xml deleted file mode 100644 index 08fc361..0000000 --- a/xml/selinux/index.xml +++ /dev/null @@ -1,156 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<?xml-stylesheet href="/xsl/project.xsl" type="text/xsl"?> -<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?> -<!DOCTYPE project SYSTEM "/dtd/project.dtd"> -<!--$Header: /var/cvsroot/gentoo/xml/htdocs/proj/en/hardened/selinux/index.xml,v 1.43 2011/04/25 20:12:59 zorry Exp $--> -<project> - -<name>SELinux</name> -<longname>SELinux</longname> - -<description> -SELinux is a system of mandatory access controls. SELinux can enforce -the security policy over all processes and objects in the system. -</description> - -<longdescription> -<p> -This project manages SELinux support in Gentoo. This includes providing -kernels with SELinux support, providing patches to userland utilities, writing -strong Gentoo-specific default profiles, and maintaining a good default set of -policies. -</p> - -<p> -<uri link="http://www.nsa.gov/research/selinux/index.shtml">Security-Enhanced -Linux</uri> (SELinux) is a Mandatory Access Control system using type -enforcement and role-based access control. It is integrated within Linux as a -<uri link="http://lsm.immunix.org/">Linux Security Module</uri> (LSM) -implementation. In addition to the kernel portion, SELinux consists of a library -(libselinux) and userland utilities for compiling policy (checkpolicy), and loading -policy (policycoreutils), in addition to other user programs. -</p> - -<p> -One common misconception is that SELinux is a complete security solution. It is -not. SELinux only provides access control on system objects. It can work well -with other Hardened projects, such as PaX, for a more complete solution. -</p> - -</longdescription> - -<goals> -<p> -Our goal is to make SELinux (with Gentoo Hardened) available to more users. -As a result, we -</p> - -<ul> - <li> - develop, improve and maintain the proper documentation and learning - material for end users to master SELinux - </li> - <li> - maintain a stable yet progressive set of userland tools that are needed - to interoperate with SELinux on a Linux system (such as the core utilities, - libselinux and more) - </li> - <li> - focus on the integration of SELinux and SELinux-awareness within the Gentoo - distribution, offering the necessary feedback on Portage and other utilities - </li> - <li> - develop, improve and maintain a good and secure default policy, based on the - reference policy, so that end users have no difficulties working with and - enhancing SELinux within their environment - </li> -</ul> -</goals> - -<dev role="lead" description="Documentation, Userspace tools, Policy development">SwifT</dev> -<dev role="developer" description="Policy development, Userspace tools">pebenito</dev> -<dev role="developer" description="Policy development, Proxy (non developer contributors)">blueness</dev> -<dev role="developer" description="Policy development, Support">prometheanfire</dev> - -<resource link="/proj/en/hardened/selinux/selinux-handbook.xml">Gentoo SELinux Handbook (concepts, installation, maintenance)</resource> -<resource link="/proj/en/hardened/selinux-faq.xml">Gentoo SELinux FAQ</resource> -<resource link="/proj/en/hardened/selinux-development.xml">Gentoo Hardened SELinux Development Guide</resource> -<resource link="/proj/en/hardened/selinux-bugreporting.xml">Reporting SELinux (policy) bugs</resource> -<resource link="/proj/en/hardened/selinux-policy.xml">Gentoo Hardened SELinux Development Policy</resource> -<resource link="/proj/en/hardened/roadmap.xml">Gentoo Hardened Roadmap (includes SELinux development)</resource> -<resource link="/proj/en/hardened/support-state.xml">Gentoo Hardened Support Matrices (includes SELinux)</resource> - -<extrachapter position="devs"> -<title>Contributors</title> -<section> -<body> - -<p> -The following people, although non-developer, are actively contributing to the project: -</p> -<table> -<tr><th>Contributor</th><th>Nickname</th><th>Role</th></tr> -<tr><ti>Chris Richards</ti><ti>gizmo</ti><ti>Policy development, support</ti></tr> -</table> - -</body> -</section> -</extrachapter> - -<extrachapter position="bottom"> -<title>I Want to Participate</title> -<section> -<body> -<p> -To participate in the SELinux project first join the mailing list at -<c>gentoo-hardened@gentoo.org</c>. Then ask if there are plans to support -something that you are interested in, propose a new subproject that you are -interested in or choose one of the planned subprojects to work on. You may talk -to the developers and users in the IRC channel <c>#gentoo-hardened</c> on -<c>irc.freenode.net</c> for more information or just to chat about the project -or any subprojects. If you don't have the ability to actively help by -contributing work we will always need testers to use and audit the SELinux -policies. All development, testing, feedback, and productive comments will -be greatly appreciated. -</p> -</body> -</section> - -<section> -<title>Policy Submissions</title> -<body> - -<p> -The critical component of a SELinux system is having a strong policy. The -team does its best to support as many daemons as possible. However, we cannot -create policies for daemons with which we are unfamiliar. But we are happy -to receive policy submissions for consideration. There are a few requirements: -</p> - -<ul> - <li> - Make comments (in the policy and/or bug), so we can understand changes - from the Reference Policy example policy. - </li> - <li> - The policy should cover common installations. Please do not submit policies - for odd or nonstandard daemon configurations. - </li> - <li> - We need to know if the policy is dependent on another policy (for example - rpcd is dependent on portmap) other than base-policy. - </li> -</ul> - -<p> -The policy should be submitted on <uri link="http://bugs.gentoo.org/">bugzilla</uri>. -Please attach the .te and .fc files separately to the bug, not as a tarball. -The bug should be Cc'ed to <c>selinux@gentoo.org</c> and will be properly -reassigned by the team. -</p> - -</body> -</section> -</extrachapter> - -</project> |