SELinux is a MAC implementation for Linux that is flexible, powerful and secure. If you've never used a MAC-system you'll probably need some time getting used to SELinux, but I can assure you that after a while it will seem very natural to think in terms of SELinux-permissions.
The best place to start learning SELinux is probably the HOWTO written by Faye Coker.
Configuring SELinux is done by adapting the policy to your system. Updating this policy can be a painful thing, because you almost certainly have local changes which you want to preserve. Configuring policy also involves moving many files around.
To make updating and maintaining policy easier, I have made an
arch-repository available which contains the
latest policy from the
sourceforge CVS. The archive is named
tbleher@gmx.de--selinux
(You can browse it here)
and is available at http://www.cip.ifi.lmu.de/~bleher/arch/selinux/.
This archive is GPG-signed using my public
key.
Available branches:
policy--fedora--0 | Fedora policy |
policy--suse--0 | my SuSE policy, resynced once in a while to my internal tree and fedora policy |
policy--devo--0 | my devo branch, currently inactive |
policy--snapshot--0 | cvs snapshot, updated most often |
I have written down a few notes for those new to Arch: Using Arch for SELinux-Policy management
I have built SELinux packages for SuSE 10.0. Check them out
Feel free to contact me