Next: 2 Background of SELinux
Up: SELinux Policy Editor(SEEdit) Administration
Previous: Contents
Contents
SELinux is included in many distros, but it has been disabled by many users
because of they feel SELinux is too difficult.
SELinux Policy Editor(seedit) is a tool that make SELinux easy.
seedit is composed of Simplified Policy and utilities that handle
Simplified Policy.The main component is Simplified Policy.
Simplified Policy is a SELinux policy that is described by Simplified
Policy Description Language(SPDL).SPDL resolves difficulty of SELinux.
SPDL simplifies SELinux by reducing number of permissions and hiding
labels.
Following is a example of policy described by SPDL.
{
domain httpd_t;
program /usr/sbin/httpd;
...
allow /var/www/** r,s;
allownet -protocol tcp -port 80 server;
...
}
You can easily understand what the policy says. Customize is also
easy, because of helper tools.
It's original version was developed by Hitachi Software(http://www.selinux.hitachi-sk.co.jp/).
It has been re-designed and almost re-written by Yuichi
Nakamura(ynakam@gwu.edu) since version 1.0.
Yuichi Nakamura
2007-02-13